1 /*
2  * hostapd / Station table
3  * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/sae.h"
16 #include "common/dpp.h"
17 #include "radius/radius.h"
18 #include "radius/radius_client.h"
19 #include "p2p/p2p.h"
20 #include "fst/fst.h"
21 #include "crypto/crypto.h"
22 #include "hostapd.h"
23 #include "accounting.h"
24 #include "ieee802_1x.h"
25 #include "ieee802_11.h"
26 #include "ieee802_11_auth.h"
27 #include "wpa_auth.h"
28 #include "preauth_auth.h"
29 #include "ap_config.h"
30 #include "beacon.h"
31 #include "ap_mlme.h"
32 #include "vlan_init.h"
33 #include "p2p_hostapd.h"
34 #include "ap_drv_ops.h"
35 #include "gas_serv.h"
36 #include "wnm_ap.h"
37 #include "mbo_ap.h"
38 #include "ndisc_snoop.h"
39 #include "sta_info.h"
40 #include "vlan.h"
41 #include "wps_hostapd.h"
42 
43 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
44 				       struct sta_info *sta);
45 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
46 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
47 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
48 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
49 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
50 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
51 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx);
52 
ap_for_each_sta(struct hostapd_data * hapd,int (* cb)(struct hostapd_data * hapd,struct sta_info * sta,void * ctx),void * ctx)53 int ap_for_each_sta(struct hostapd_data *hapd,
54 		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
55 			      void *ctx),
56 		    void *ctx)
57 {
58 	struct sta_info *sta;
59 
60 	for (sta = hapd->sta_list; sta; sta = sta->next) {
61 		if (cb(hapd, sta, ctx))
62 			return 1;
63 	}
64 
65 	return 0;
66 }
67 
68 
ap_get_sta(struct hostapd_data * hapd,const u8 * sta)69 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
70 {
71 	struct sta_info *s;
72 
73 	s = hapd->sta_hash[STA_HASH(sta)];
74 	while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
75 		s = s->hnext;
76 	return s;
77 }
78 
79 
80 #ifdef CONFIG_P2P
ap_get_sta_p2p(struct hostapd_data * hapd,const u8 * addr)81 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
82 {
83 	struct sta_info *sta;
84 
85 	for (sta = hapd->sta_list; sta; sta = sta->next) {
86 		const u8 *p2p_dev_addr;
87 
88 		if (sta->p2p_ie == NULL)
89 			continue;
90 
91 		p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
92 		if (p2p_dev_addr == NULL)
93 			continue;
94 
95 		if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0)
96 			return sta;
97 	}
98 
99 	return NULL;
100 }
101 #endif /* CONFIG_P2P */
102 
103 
ap_sta_list_del(struct hostapd_data * hapd,struct sta_info * sta)104 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
105 {
106 	struct sta_info *tmp;
107 
108 	if (hapd->sta_list == sta) {
109 		hapd->sta_list = sta->next;
110 		return;
111 	}
112 
113 	tmp = hapd->sta_list;
114 	while (tmp != NULL && tmp->next != sta)
115 		tmp = tmp->next;
116 	if (tmp == NULL) {
117 		wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
118 			   "list.", MAC2STR(sta->addr));
119 	} else
120 		tmp->next = sta->next;
121 }
122 
123 
ap_sta_hash_add(struct hostapd_data * hapd,struct sta_info * sta)124 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
125 {
126 	sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
127 	hapd->sta_hash[STA_HASH(sta->addr)] = sta;
128 }
129 
130 
ap_sta_hash_del(struct hostapd_data * hapd,struct sta_info * sta)131 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
132 {
133 	struct sta_info *s;
134 
135 	s = hapd->sta_hash[STA_HASH(sta->addr)];
136 	if (s == NULL) return;
137 	if (os_memcmp(s->addr, sta->addr, 6) == 0) {
138 		hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
139 		return;
140 	}
141 
142 	while (s->hnext != NULL &&
143 	       os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
144 		s = s->hnext;
145 	if (s->hnext != NULL)
146 		s->hnext = s->hnext->hnext;
147 	else
148 		wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
149 			   " from hash table", MAC2STR(sta->addr));
150 }
151 
152 
ap_sta_ip6addr_del(struct hostapd_data * hapd,struct sta_info * sta)153 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
154 {
155 	sta_ip6addr_del(hapd, sta);
156 }
157 
158 
159 #ifdef CONFIG_PASN
160 
ap_free_sta_pasn(struct hostapd_data * hapd,struct sta_info * sta)161 void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta)
162 {
163 	if (sta->pasn) {
164 		wpa_printf(MSG_DEBUG, "PASN: Free PASN context: " MACSTR,
165 			   MAC2STR(sta->addr));
166 
167 		if (sta->pasn->ecdh)
168 			crypto_ecdh_deinit(sta->pasn->ecdh);
169 
170 		wpabuf_free(sta->pasn->secret);
171 		sta->pasn->secret = NULL;
172 
173 #ifdef CONFIG_SAE
174 		sae_clear_data(&sta->pasn->sae);
175 #endif /* CONFIG_SAE */
176 
177 #ifdef CONFIG_FILS
178 		/* In practice this pointer should be NULL */
179 		wpabuf_free(sta->pasn->fils.erp_resp);
180 		sta->pasn->fils.erp_resp = NULL;
181 #endif /* CONFIG_FILS */
182 
183 		bin_clear_free(sta->pasn, sizeof(*sta->pasn));
184 		sta->pasn = NULL;
185 	}
186 }
187 
188 #endif /* CONFIG_PASN */
189 
ap_free_sta(struct hostapd_data * hapd,struct sta_info * sta)190 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
191 {
192 	int set_beacon = 0;
193 
194 	accounting_sta_stop(hapd, sta);
195 
196 	/* just in case */
197 	ap_sta_set_authorized(hapd, sta, 0);
198 	hostapd_set_sta_flags(hapd, sta);
199 
200 	if ((sta->flags & WLAN_STA_WDS) ||
201 	    (sta->flags & WLAN_STA_MULTI_AP &&
202 	     !(hapd->conf->multi_ap & FRONTHAUL_BSS) &&
203 	     !(sta->flags & WLAN_STA_WPS)))
204 		hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
205 
206 	if (sta->ipaddr)
207 		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
208 	ap_sta_ip6addr_del(hapd, sta);
209 
210 	if (!hapd->iface->driver_ap_teardown &&
211 	    !(sta->flags & WLAN_STA_PREAUTH)) {
212 		hostapd_drv_sta_remove(hapd, sta->addr);
213 		sta->added_unassoc = 0;
214 	}
215 
216 	ap_sta_hash_del(hapd, sta);
217 	ap_sta_list_del(hapd, sta);
218 
219 	if (sta->aid > 0)
220 		hapd->sta_aid[(sta->aid - 1) / 32] &=
221 			~BIT((sta->aid - 1) % 32);
222 
223 	hapd->num_sta--;
224 	if (sta->nonerp_set) {
225 		sta->nonerp_set = 0;
226 		hapd->iface->num_sta_non_erp--;
227 		if (hapd->iface->num_sta_non_erp == 0)
228 			set_beacon++;
229 	}
230 
231 	if (sta->no_short_slot_time_set) {
232 		sta->no_short_slot_time_set = 0;
233 		hapd->iface->num_sta_no_short_slot_time--;
234 		if (hapd->iface->current_mode &&
235 		    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
236 		    && hapd->iface->num_sta_no_short_slot_time == 0)
237 			set_beacon++;
238 	}
239 
240 	if (sta->no_short_preamble_set) {
241 		sta->no_short_preamble_set = 0;
242 		hapd->iface->num_sta_no_short_preamble--;
243 		if (hapd->iface->current_mode &&
244 		    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
245 		    && hapd->iface->num_sta_no_short_preamble == 0)
246 			set_beacon++;
247 	}
248 
249 	if (sta->no_ht_gf_set) {
250 		sta->no_ht_gf_set = 0;
251 		hapd->iface->num_sta_ht_no_gf--;
252 	}
253 
254 	if (sta->no_ht_set) {
255 		sta->no_ht_set = 0;
256 		hapd->iface->num_sta_no_ht--;
257 	}
258 
259 	if (sta->ht_20mhz_set) {
260 		sta->ht_20mhz_set = 0;
261 		hapd->iface->num_sta_ht_20mhz--;
262 	}
263 
264 #ifdef CONFIG_TAXONOMY
265 	wpabuf_free(sta->probe_ie_taxonomy);
266 	sta->probe_ie_taxonomy = NULL;
267 	wpabuf_free(sta->assoc_ie_taxonomy);
268 	sta->assoc_ie_taxonomy = NULL;
269 #endif /* CONFIG_TAXONOMY */
270 
271 	ht40_intolerant_remove(hapd->iface, sta);
272 
273 #ifdef CONFIG_P2P
274 	if (sta->no_p2p_set) {
275 		sta->no_p2p_set = 0;
276 		hapd->num_sta_no_p2p--;
277 		if (hapd->num_sta_no_p2p == 0)
278 			hostapd_p2p_non_p2p_sta_disconnected(hapd);
279 	}
280 #endif /* CONFIG_P2P */
281 
282 #ifdef NEED_AP_MLME
283 	if (hostapd_ht_operation_update(hapd->iface) > 0)
284 		set_beacon++;
285 #endif /* NEED_AP_MLME */
286 
287 #ifdef CONFIG_MESH
288 	if (hapd->mesh_sta_free_cb)
289 		hapd->mesh_sta_free_cb(hapd, sta);
290 #endif /* CONFIG_MESH */
291 
292 	if (set_beacon)
293 		ieee802_11_set_beacons(hapd->iface);
294 
295 	wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
296 		   __func__, MAC2STR(sta->addr));
297 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
298 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
299 	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
300 	ap_sta_clear_disconnect_timeouts(hapd, sta);
301 	sae_clear_retransmit_timer(hapd, sta);
302 
303 	ieee802_1x_free_station(hapd, sta);
304 	wpa_auth_sta_deinit(sta->wpa_sm);
305 	rsn_preauth_free_station(hapd, sta);
306 #ifndef CONFIG_NO_RADIUS
307 	if (hapd->radius)
308 		radius_client_flush_auth(hapd->radius, sta->addr);
309 #endif /* CONFIG_NO_RADIUS */
310 
311 #ifndef CONFIG_NO_VLAN
312 	/*
313 	 * sta->wpa_sm->group needs to be released before so that
314 	 * vlan_remove_dynamic() can check that no stations are left on the
315 	 * AP_VLAN netdev.
316 	 */
317 	if (sta->vlan_id)
318 		vlan_remove_dynamic(hapd, sta->vlan_id);
319 	if (sta->vlan_id_bound) {
320 		/*
321 		 * Need to remove the STA entry before potentially removing the
322 		 * VLAN.
323 		 */
324 		if (hapd->iface->driver_ap_teardown &&
325 		    !(sta->flags & WLAN_STA_PREAUTH)) {
326 			hostapd_drv_sta_remove(hapd, sta->addr);
327 			sta->added_unassoc = 0;
328 		}
329 		vlan_remove_dynamic(hapd, sta->vlan_id_bound);
330 	}
331 #endif /* CONFIG_NO_VLAN */
332 
333 	os_free(sta->challenge);
334 
335 	os_free(sta->sa_query_trans_id);
336 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
337 
338 #ifdef CONFIG_P2P
339 	p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
340 #endif /* CONFIG_P2P */
341 
342 #ifdef CONFIG_INTERWORKING
343 	if (sta->gas_dialog) {
344 		int i;
345 		for (i = 0; i < GAS_DIALOG_MAX; i++)
346 			gas_serv_dialog_clear(&sta->gas_dialog[i]);
347 		os_free(sta->gas_dialog);
348 	}
349 #endif /* CONFIG_INTERWORKING */
350 
351 	wpabuf_free(sta->wps_ie);
352 	wpabuf_free(sta->p2p_ie);
353 	wpabuf_free(sta->hs20_ie);
354 	wpabuf_free(sta->roaming_consortium);
355 #ifdef CONFIG_FST
356 	wpabuf_free(sta->mb_ies);
357 #endif /* CONFIG_FST */
358 
359 	os_free(sta->ht_capabilities);
360 	os_free(sta->vht_capabilities);
361 	os_free(sta->vht_operation);
362 	os_free(sta->he_capab);
363 	os_free(sta->he_6ghz_capab);
364 	os_free(sta->eht_capab);
365 	hostapd_free_psk_list(sta->psk);
366 	os_free(sta->identity);
367 	os_free(sta->radius_cui);
368 	os_free(sta->remediation_url);
369 	os_free(sta->t_c_url);
370 	wpabuf_free(sta->hs20_deauth_req);
371 	os_free(sta->hs20_session_info_url);
372 
373 #ifdef CONFIG_SAE
374 	sae_clear_data(sta->sae);
375 	os_free(sta->sae);
376 #endif /* CONFIG_SAE */
377 
378 	mbo_ap_sta_free(sta);
379 	os_free(sta->supp_op_classes);
380 
381 #ifdef CONFIG_FILS
382 	os_free(sta->fils_pending_assoc_req);
383 	wpabuf_free(sta->fils_hlp_resp);
384 	wpabuf_free(sta->hlp_dhcp_discover);
385 	eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
386 #ifdef CONFIG_FILS_SK_PFS
387 	crypto_ecdh_deinit(sta->fils_ecdh);
388 	wpabuf_clear_free(sta->fils_dh_ss);
389 	wpabuf_free(sta->fils_g_sta);
390 #endif /* CONFIG_FILS_SK_PFS */
391 #endif /* CONFIG_FILS */
392 
393 #ifdef CONFIG_OWE
394 	bin_clear_free(sta->owe_pmk, sta->owe_pmk_len);
395 	crypto_ecdh_deinit(sta->owe_ecdh);
396 #endif /* CONFIG_OWE */
397 
398 #ifdef CONFIG_DPP2
399 	dpp_pfs_free(sta->dpp_pfs);
400 	sta->dpp_pfs = NULL;
401 #endif /* CONFIG_DPP2 */
402 
403 	os_free(sta->ext_capability);
404 
405 #ifdef CONFIG_WNM_AP
406 	eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
407 #endif /* CONFIG_WNM_AP */
408 
409 #ifdef CONFIG_PASN
410 	ap_free_sta_pasn(hapd, sta);
411 #endif /* CONFIG_PASN */
412 
413 	os_free(sta->ifname_wds);
414 
415 #ifdef CONFIG_TESTING_OPTIONS
416 	os_free(sta->sae_postponed_commit);
417 	forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
418 #endif /* CONFIG_TESTING_OPTIONS */
419 
420 	os_free(sta);
421 }
422 
423 
hostapd_free_stas(struct hostapd_data * hapd)424 void hostapd_free_stas(struct hostapd_data *hapd)
425 {
426 	struct sta_info *sta, *prev;
427 
428 	sta = hapd->sta_list;
429 
430 	while (sta) {
431 		prev = sta;
432 		if (sta->flags & WLAN_STA_AUTH) {
433 			mlme_deauthenticate_indication(
434 				hapd, sta, WLAN_REASON_UNSPECIFIED);
435 		}
436 		sta = sta->next;
437 		wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
438 			   MAC2STR(prev->addr));
439 		ap_free_sta(hapd, prev);
440 	}
441 }
442 
443 
444 /**
445  * ap_handle_timer - Per STA timer handler
446  * @eloop_ctx: struct hostapd_data *
447  * @timeout_ctx: struct sta_info *
448  *
449  * This function is called to check station activity and to remove inactive
450  * stations.
451  */
ap_handle_timer(void * eloop_ctx,void * timeout_ctx)452 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
453 {
454 	struct hostapd_data *hapd = eloop_ctx;
455 	struct sta_info *sta = timeout_ctx;
456 	unsigned long next_time = 0;
457 	int reason;
458 
459 	wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
460 		   hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
461 		   sta->timeout_next);
462 	if (sta->timeout_next == STA_REMOVE) {
463 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
464 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
465 			       "local deauth request");
466 		ap_free_sta(hapd, sta);
467 		return;
468 	}
469 
470 	if ((sta->flags & WLAN_STA_ASSOC) &&
471 	    (sta->timeout_next == STA_NULLFUNC ||
472 	     sta->timeout_next == STA_DISASSOC)) {
473 		int inactive_sec;
474 		/*
475 		 * Add random value to timeout so that we don't end up bouncing
476 		 * all stations at the same time if we have lots of associated
477 		 * stations that are idle (but keep re-associating).
478 		 */
479 		int fuzz = os_random() % 20;
480 		inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
481 		if (inactive_sec == -1) {
482 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
483 				"Check inactivity: Could not "
484 				"get station info from kernel driver for "
485 				MACSTR, MAC2STR(sta->addr));
486 			/*
487 			 * The driver may not support this functionality.
488 			 * Anyway, try again after the next inactivity timeout,
489 			 * but do not disconnect the station now.
490 			 */
491 			next_time = hapd->conf->ap_max_inactivity + fuzz;
492 		} else if (inactive_sec == -ENOENT) {
493 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
494 				"Station " MACSTR " has lost its driver entry",
495 				MAC2STR(sta->addr));
496 
497 			/* Avoid sending client probe on removed client */
498 			sta->timeout_next = STA_DISASSOC;
499 			goto skip_poll;
500 		} else if (inactive_sec < hapd->conf->ap_max_inactivity) {
501 			/* station activity detected; reset timeout state */
502 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
503 				"Station " MACSTR " has been active %is ago",
504 				MAC2STR(sta->addr), inactive_sec);
505 			sta->timeout_next = STA_NULLFUNC;
506 			next_time = hapd->conf->ap_max_inactivity + fuzz -
507 				inactive_sec;
508 		} else {
509 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
510 				"Station " MACSTR " has been "
511 				"inactive too long: %d sec, max allowed: %d",
512 				MAC2STR(sta->addr), inactive_sec,
513 				hapd->conf->ap_max_inactivity);
514 
515 			if (hapd->conf->skip_inactivity_poll)
516 				sta->timeout_next = STA_DISASSOC;
517 		}
518 	}
519 
520 	if ((sta->flags & WLAN_STA_ASSOC) &&
521 	    sta->timeout_next == STA_DISASSOC &&
522 	    !(sta->flags & WLAN_STA_PENDING_POLL) &&
523 	    !hapd->conf->skip_inactivity_poll) {
524 		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
525 			" has ACKed data poll", MAC2STR(sta->addr));
526 		/* data nullfunc frame poll did not produce TX errors; assume
527 		 * station ACKed it */
528 		sta->timeout_next = STA_NULLFUNC;
529 		next_time = hapd->conf->ap_max_inactivity;
530 	}
531 
532 skip_poll:
533 	if (next_time) {
534 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
535 			   "for " MACSTR " (%lu seconds)",
536 			   __func__, MAC2STR(sta->addr), next_time);
537 		eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
538 				       sta);
539 		return;
540 	}
541 
542 	if (sta->timeout_next == STA_NULLFUNC &&
543 	    (sta->flags & WLAN_STA_ASSOC)) {
544 		wpa_printf(MSG_DEBUG, "  Polling STA");
545 		sta->flags |= WLAN_STA_PENDING_POLL;
546 		hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
547 					sta->flags & WLAN_STA_WMM);
548 	} else if (sta->timeout_next != STA_REMOVE) {
549 		int deauth = sta->timeout_next == STA_DEAUTH;
550 
551 		if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) {
552 			/* Cannot disassociate not-associated STA, so move
553 			 * directly to deauthentication. */
554 			sta->timeout_next = STA_DEAUTH;
555 			deauth = 1;
556 		}
557 
558 		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
559 			"Timeout, sending %s info to STA " MACSTR,
560 			deauth ? "deauthentication" : "disassociation",
561 			MAC2STR(sta->addr));
562 
563 		if (deauth) {
564 			hostapd_drv_sta_deauth(
565 				hapd, sta->addr,
566 				WLAN_REASON_PREV_AUTH_NOT_VALID);
567 		} else {
568 			reason = (sta->timeout_next == STA_DISASSOC) ?
569 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
570 				WLAN_REASON_PREV_AUTH_NOT_VALID;
571 
572 			hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
573 		}
574 	}
575 
576 	switch (sta->timeout_next) {
577 	case STA_NULLFUNC:
578 		sta->timeout_next = STA_DISASSOC;
579 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
580 			   "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
581 			   __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
582 		eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
583 				       hapd, sta);
584 		break;
585 	case STA_DISASSOC:
586 	case STA_DISASSOC_FROM_CLI:
587 		ap_sta_set_authorized(hapd, sta, 0);
588 		sta->flags &= ~WLAN_STA_ASSOC;
589 		hostapd_set_sta_flags(hapd, sta);
590 		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
591 		if (!sta->acct_terminate_cause)
592 			sta->acct_terminate_cause =
593 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
594 		accounting_sta_stop(hapd, sta);
595 		ieee802_1x_free_station(hapd, sta);
596 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
597 			       HOSTAPD_LEVEL_INFO, "disassociated due to "
598 			       "inactivity");
599 		reason = (sta->timeout_next == STA_DISASSOC) ?
600 			WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
601 			WLAN_REASON_PREV_AUTH_NOT_VALID;
602 		sta->timeout_next = STA_DEAUTH;
603 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
604 			   "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
605 			   __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
606 		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
607 				       hapd, sta);
608 		mlme_disassociate_indication(hapd, sta, reason);
609 		break;
610 	case STA_DEAUTH:
611 	case STA_REMOVE:
612 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
613 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
614 			       "inactivity (timer DEAUTH/REMOVE)");
615 		if (!sta->acct_terminate_cause)
616 			sta->acct_terminate_cause =
617 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
618 		mlme_deauthenticate_indication(
619 			hapd, sta,
620 			WLAN_REASON_PREV_AUTH_NOT_VALID);
621 		ap_free_sta(hapd, sta);
622 		break;
623 	}
624 }
625 
626 
ap_handle_session_timer(void * eloop_ctx,void * timeout_ctx)627 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
628 {
629 	struct hostapd_data *hapd = eloop_ctx;
630 	struct sta_info *sta = timeout_ctx;
631 
632 	wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
633 		   hapd->conf->iface, MAC2STR(sta->addr));
634 	if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC |
635 			    WLAN_STA_AUTHORIZED))) {
636 		if (sta->flags & WLAN_STA_GAS) {
637 			wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
638 				   "entry " MACSTR, MAC2STR(sta->addr));
639 			ap_free_sta(hapd, sta);
640 		}
641 		return;
642 	}
643 
644 	hostapd_drv_sta_deauth(hapd, sta->addr,
645 			       WLAN_REASON_PREV_AUTH_NOT_VALID);
646 	mlme_deauthenticate_indication(hapd, sta,
647 				       WLAN_REASON_PREV_AUTH_NOT_VALID);
648 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
649 		       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
650 		       "session timeout");
651 	sta->acct_terminate_cause =
652 		RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
653 	ap_free_sta(hapd, sta);
654 }
655 
656 
ap_sta_replenish_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)657 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
658 			      u32 session_timeout)
659 {
660 	if (eloop_replenish_timeout(session_timeout, 0,
661 				    ap_handle_session_timer, hapd, sta) == 1) {
662 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
663 			       HOSTAPD_LEVEL_DEBUG, "setting session timeout "
664 			       "to %d seconds", session_timeout);
665 	}
666 }
667 
668 
ap_sta_session_timeout(struct hostapd_data * hapd,struct sta_info * sta,u32 session_timeout)669 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
670 			    u32 session_timeout)
671 {
672 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
673 		       HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
674 		       "seconds", session_timeout);
675 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
676 	eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
677 			       hapd, sta);
678 }
679 
680 
ap_sta_no_session_timeout(struct hostapd_data * hapd,struct sta_info * sta)681 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
682 {
683 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
684 }
685 
686 
ap_handle_session_warning_timer(void * eloop_ctx,void * timeout_ctx)687 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
688 {
689 #ifdef CONFIG_WNM_AP
690 	struct hostapd_data *hapd = eloop_ctx;
691 	struct sta_info *sta = timeout_ctx;
692 
693 	wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
694 		   MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
695 	if (sta->hs20_session_info_url == NULL)
696 		return;
697 
698 	wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
699 				       sta->hs20_disassoc_timer);
700 #endif /* CONFIG_WNM_AP */
701 }
702 
703 
ap_sta_session_warning_timeout(struct hostapd_data * hapd,struct sta_info * sta,int warning_time)704 void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
705 				    struct sta_info *sta, int warning_time)
706 {
707 	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
708 	eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
709 			       hapd, sta);
710 }
711 
712 
ap_sta_add(struct hostapd_data * hapd,const u8 * addr)713 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
714 {
715 	struct sta_info *sta;
716 	int i;
717 
718 	sta = ap_get_sta(hapd, addr);
719 	if (sta)
720 		return sta;
721 
722 	wpa_printf(MSG_DEBUG, "  New STA");
723 	if (hapd->num_sta >= hapd->conf->max_num_sta) {
724 		/* FIX: might try to remove some old STAs first? */
725 		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
726 			   hapd->num_sta, hapd->conf->max_num_sta);
727 		return NULL;
728 	}
729 
730 	sta = os_zalloc(sizeof(struct sta_info));
731 	if (sta == NULL) {
732 		wpa_printf(MSG_ERROR, "malloc failed");
733 		return NULL;
734 	}
735 	sta->acct_interim_interval = hapd->conf->acct_interim_interval;
736 	if (accounting_sta_get_id(hapd, sta) < 0) {
737 		os_free(sta);
738 		return NULL;
739 	}
740 
741 	for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) {
742 		if (!hapd->iface->basic_rates)
743 			break;
744 		if (hapd->iface->basic_rates[i] < 0)
745 			break;
746 		sta->supported_rates[i] = hapd->iface->basic_rates[i] / 5;
747 	}
748 	sta->supported_rates_len = i;
749 
750 	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
751 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
752 			   "for " MACSTR " (%d seconds - ap_max_inactivity)",
753 			   __func__, MAC2STR(addr),
754 			   hapd->conf->ap_max_inactivity);
755 		eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
756 				       ap_handle_timer, hapd, sta);
757 	}
758 
759 	/* initialize STA info data */
760 	os_memcpy(sta->addr, addr, ETH_ALEN);
761 	sta->next = hapd->sta_list;
762 	hapd->sta_list = sta;
763 	hapd->num_sta++;
764 	ap_sta_hash_add(hapd, sta);
765 	ap_sta_remove_in_other_bss(hapd, sta);
766 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
767 	dl_list_init(&sta->ip6addr);
768 
769 #ifdef CONFIG_TAXONOMY
770 	sta_track_claim_taxonomy_info(hapd->iface, addr,
771 				      &sta->probe_ie_taxonomy);
772 #endif /* CONFIG_TAXONOMY */
773 
774 	return sta;
775 }
776 
777 
ap_sta_remove(struct hostapd_data * hapd,struct sta_info * sta)778 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
779 {
780 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
781 
782 	if (sta->ipaddr)
783 		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
784 	ap_sta_ip6addr_del(hapd, sta);
785 
786 	wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
787 		   hapd->conf->iface, MAC2STR(sta->addr));
788 	if (hostapd_drv_sta_remove(hapd, sta->addr) &&
789 	    sta->flags & WLAN_STA_ASSOC) {
790 		wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
791 			   " from kernel driver",
792 			   hapd->conf->iface, MAC2STR(sta->addr));
793 		return -1;
794 	}
795 	sta->added_unassoc = 0;
796 	return 0;
797 }
798 
799 
ap_sta_remove_in_other_bss(struct hostapd_data * hapd,struct sta_info * sta)800 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
801 				       struct sta_info *sta)
802 {
803 	struct hostapd_iface *iface = hapd->iface;
804 	size_t i;
805 
806 	for (i = 0; i < iface->num_bss; i++) {
807 		struct hostapd_data *bss = iface->bss[i];
808 		struct sta_info *sta2;
809 		/* bss should always be set during operation, but it may be
810 		 * NULL during reconfiguration. Assume the STA is not
811 		 * associated to another BSS in that case to avoid NULL pointer
812 		 * dereferences. */
813 		if (bss == hapd || bss == NULL)
814 			continue;
815 		sta2 = ap_get_sta(bss, sta->addr);
816 		if (!sta2)
817 			continue;
818 
819 		wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
820 			   " association from another BSS %s",
821 			   hapd->conf->iface, MAC2STR(sta2->addr),
822 			   bss->conf->iface);
823 		ap_sta_disconnect(bss, sta2, sta2->addr,
824 				  WLAN_REASON_PREV_AUTH_NOT_VALID);
825 	}
826 }
827 
828 
ap_sta_disassoc_cb_timeout(void * eloop_ctx,void * timeout_ctx)829 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
830 {
831 	struct hostapd_data *hapd = eloop_ctx;
832 	struct sta_info *sta = timeout_ctx;
833 
834 	wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
835 		   hapd->conf->iface, MAC2STR(sta->addr));
836 	ap_sta_remove(hapd, sta);
837 	mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
838 }
839 
840 
ap_sta_disassociate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)841 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
842 			 u16 reason)
843 {
844 	wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
845 		   hapd->conf->iface, MAC2STR(sta->addr));
846 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
847 	if (hapd->iface->current_mode &&
848 	    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
849 		/* Skip deauthentication in DMG/IEEE 802.11ad */
850 		sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
851 				WLAN_STA_ASSOC_REQ_OK);
852 		sta->timeout_next = STA_REMOVE;
853 	} else {
854 		sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
855 		sta->timeout_next = STA_DEAUTH;
856 	}
857 	ap_sta_set_authorized(hapd, sta, 0);
858 	hostapd_set_sta_flags(hapd, sta);
859 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
860 		   "for " MACSTR " (%d seconds - "
861 		   "AP_MAX_INACTIVITY_AFTER_DISASSOC)",
862 		   __func__, MAC2STR(sta->addr),
863 		   AP_MAX_INACTIVITY_AFTER_DISASSOC);
864 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
865 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
866 			       ap_handle_timer, hapd, sta);
867 	accounting_sta_stop(hapd, sta);
868 	ieee802_1x_free_station(hapd, sta);
869 	wpa_auth_sta_deinit(sta->wpa_sm);
870 	sta->wpa_sm = NULL;
871 
872 	sta->disassoc_reason = reason;
873 	sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
874 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
875 	eloop_register_timeout(hapd->iface->drv_flags &
876 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
877 			       ap_sta_disassoc_cb_timeout, hapd, sta);
878 }
879 
880 
ap_sta_deauth_cb_timeout(void * eloop_ctx,void * timeout_ctx)881 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
882 {
883 	struct hostapd_data *hapd = eloop_ctx;
884 	struct sta_info *sta = timeout_ctx;
885 
886 	wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
887 		   hapd->conf->iface, MAC2STR(sta->addr));
888 	ap_sta_remove(hapd, sta);
889 	mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
890 }
891 
892 
ap_sta_deauthenticate(struct hostapd_data * hapd,struct sta_info * sta,u16 reason)893 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
894 			   u16 reason)
895 {
896 	if (hapd->iface->current_mode &&
897 	    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
898 		/* Deauthentication is not used in DMG/IEEE 802.11ad;
899 		 * disassociate the STA instead. */
900 		ap_sta_disassociate(hapd, sta, reason);
901 		return;
902 	}
903 
904 	wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
905 		   hapd->conf->iface, MAC2STR(sta->addr));
906 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
907 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
908 	ap_sta_set_authorized(hapd, sta, 0);
909 	hostapd_set_sta_flags(hapd, sta);
910 	sta->timeout_next = STA_REMOVE;
911 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
912 		   "for " MACSTR " (%d seconds - "
913 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
914 		   __func__, MAC2STR(sta->addr),
915 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
916 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
917 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
918 			       ap_handle_timer, hapd, sta);
919 	accounting_sta_stop(hapd, sta);
920 	ieee802_1x_free_station(hapd, sta);
921 
922 	sta->deauth_reason = reason;
923 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
924 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
925 	eloop_register_timeout(hapd->iface->drv_flags &
926 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
927 			       ap_sta_deauth_cb_timeout, hapd, sta);
928 }
929 
930 
931 #ifdef CONFIG_WPS
ap_sta_wps_cancel(struct hostapd_data * hapd,struct sta_info * sta,void * ctx)932 int ap_sta_wps_cancel(struct hostapd_data *hapd,
933 		      struct sta_info *sta, void *ctx)
934 {
935 	if (sta && (sta->flags & WLAN_STA_WPS)) {
936 		ap_sta_deauthenticate(hapd, sta,
937 				      WLAN_REASON_PREV_AUTH_NOT_VALID);
938 		wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
939 			   __func__, MAC2STR(sta->addr));
940 		return 1;
941 	}
942 
943 	return 0;
944 }
945 #endif /* CONFIG_WPS */
946 
947 
ap_sta_get_free_vlan_id(struct hostapd_data * hapd)948 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
949 {
950 	struct hostapd_vlan *vlan;
951 	int vlan_id = MAX_VLAN_ID + 2;
952 
953 retry:
954 	for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
955 		if (vlan->vlan_id == vlan_id) {
956 			vlan_id++;
957 			goto retry;
958 		}
959 	}
960 	return vlan_id;
961 }
962 
963 
ap_sta_set_vlan(struct hostapd_data * hapd,struct sta_info * sta,struct vlan_description * vlan_desc)964 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
965 		    struct vlan_description *vlan_desc)
966 {
967 	struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
968 	int old_vlan_id, vlan_id = 0, ret = 0;
969 
970 	/* Check if there is something to do */
971 	if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
972 		/* This sta is lacking its own vif */
973 	} else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
974 		   !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
975 		/* sta->vlan_id needs to be reset */
976 	} else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
977 		return 0; /* nothing to change */
978 	}
979 
980 	/* Now the real VLAN changed or the STA just needs its own vif */
981 	if (hapd->conf->ssid.per_sta_vif) {
982 		/* Assign a new vif, always */
983 		/* find a free vlan_id sufficiently big */
984 		vlan_id = ap_sta_get_free_vlan_id(hapd);
985 		/* Get wildcard VLAN */
986 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
987 			if (vlan->vlan_id == VLAN_ID_WILDCARD)
988 				break;
989 		}
990 		if (!vlan) {
991 			hostapd_logger(hapd, sta->addr,
992 				       HOSTAPD_MODULE_IEEE80211,
993 				       HOSTAPD_LEVEL_DEBUG,
994 				       "per_sta_vif missing wildcard");
995 			vlan_id = 0;
996 			ret = -1;
997 			goto done;
998 		}
999 	} else if (vlan_desc && vlan_desc->notempty) {
1000 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1001 			if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
1002 				break;
1003 			if (vlan->vlan_id == VLAN_ID_WILDCARD)
1004 				wildcard_vlan = vlan;
1005 		}
1006 		if (vlan) {
1007 			vlan_id = vlan->vlan_id;
1008 		} else if (wildcard_vlan) {
1009 			vlan = wildcard_vlan;
1010 			vlan_id = vlan_desc->untagged;
1011 			if (vlan_desc->tagged[0]) {
1012 				/* Tagged VLAN configuration */
1013 				vlan_id = ap_sta_get_free_vlan_id(hapd);
1014 			}
1015 		} else {
1016 			hostapd_logger(hapd, sta->addr,
1017 				       HOSTAPD_MODULE_IEEE80211,
1018 				       HOSTAPD_LEVEL_DEBUG,
1019 				       "missing vlan and wildcard for vlan=%d%s",
1020 				       vlan_desc->untagged,
1021 				       vlan_desc->tagged[0] ? "+" : "");
1022 			vlan_id = 0;
1023 			ret = -1;
1024 			goto done;
1025 		}
1026 	}
1027 
1028 	if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
1029 		vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
1030 		if (vlan == NULL) {
1031 			hostapd_logger(hapd, sta->addr,
1032 				       HOSTAPD_MODULE_IEEE80211,
1033 				       HOSTAPD_LEVEL_DEBUG,
1034 				       "could not add dynamic VLAN interface for vlan=%d%s",
1035 				       vlan_desc ? vlan_desc->untagged : -1,
1036 				       (vlan_desc && vlan_desc->tagged[0]) ?
1037 				       "+" : "");
1038 			vlan_id = 0;
1039 			ret = -1;
1040 			goto done;
1041 		}
1042 
1043 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1044 			       HOSTAPD_LEVEL_DEBUG,
1045 			       "added new dynamic VLAN interface '%s'",
1046 			       vlan->ifname);
1047 	} else if (vlan && vlan->dynamic_vlan > 0) {
1048 		vlan->dynamic_vlan++;
1049 		hostapd_logger(hapd, sta->addr,
1050 			       HOSTAPD_MODULE_IEEE80211,
1051 			       HOSTAPD_LEVEL_DEBUG,
1052 			       "updated existing dynamic VLAN interface '%s'",
1053 			       vlan->ifname);
1054 	}
1055 done:
1056 	old_vlan_id = sta->vlan_id;
1057 	sta->vlan_id = vlan_id;
1058 	sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
1059 
1060 	if (vlan_id != old_vlan_id && old_vlan_id)
1061 		vlan_remove_dynamic(hapd, old_vlan_id);
1062 
1063 	return ret;
1064 }
1065 
1066 
ap_sta_bind_vlan(struct hostapd_data * hapd,struct sta_info * sta)1067 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
1068 {
1069 #ifndef CONFIG_NO_VLAN
1070 	const char *iface;
1071 	struct hostapd_vlan *vlan = NULL;
1072 	int ret;
1073 	int old_vlanid = sta->vlan_id_bound;
1074 
1075 	if ((sta->flags & WLAN_STA_WDS) && sta->vlan_id == 0) {
1076 		wpa_printf(MSG_DEBUG,
1077 			   "Do not override WDS VLAN assignment for STA "
1078 			   MACSTR, MAC2STR(sta->addr));
1079 		return 0;
1080 	}
1081 
1082 	iface = hapd->conf->iface;
1083 	if (hapd->conf->ssid.vlan[0])
1084 		iface = hapd->conf->ssid.vlan;
1085 
1086 	if (sta->vlan_id > 0) {
1087 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
1088 			if (vlan->vlan_id == sta->vlan_id)
1089 				break;
1090 		}
1091 		if (vlan)
1092 			iface = vlan->ifname;
1093 	}
1094 
1095 	/*
1096 	 * Do not increment ref counters if the VLAN ID remains same, but do
1097 	 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
1098 	 * have been called before.
1099 	 */
1100 	if (sta->vlan_id == old_vlanid)
1101 		goto skip_counting;
1102 
1103 	if (sta->vlan_id > 0 && !vlan &&
1104 	    !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
1105 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1106 			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
1107 			       "binding station to (vlan_id=%d)",
1108 			       sta->vlan_id);
1109 		ret = -1;
1110 		goto done;
1111 	} else if (vlan && vlan->dynamic_vlan > 0) {
1112 		vlan->dynamic_vlan++;
1113 		hostapd_logger(hapd, sta->addr,
1114 			       HOSTAPD_MODULE_IEEE80211,
1115 			       HOSTAPD_LEVEL_DEBUG,
1116 			       "updated existing dynamic VLAN interface '%s'",
1117 			       iface);
1118 	}
1119 
1120 	/* ref counters have been increased, so mark the station */
1121 	sta->vlan_id_bound = sta->vlan_id;
1122 
1123 skip_counting:
1124 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1125 		       HOSTAPD_LEVEL_DEBUG, "binding station to interface "
1126 		       "'%s'", iface);
1127 
1128 	if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
1129 		wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
1130 
1131 	ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
1132 	if (ret < 0) {
1133 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1134 			       HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
1135 			       "entry to vlan_id=%d", sta->vlan_id);
1136 	}
1137 
1138 	/* During 1x reauth, if the vlan id changes, then remove the old id. */
1139 	if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
1140 		vlan_remove_dynamic(hapd, old_vlanid);
1141 done:
1142 
1143 	return ret;
1144 #else /* CONFIG_NO_VLAN */
1145 	return 0;
1146 #endif /* CONFIG_NO_VLAN */
1147 }
1148 
1149 
ap_check_sa_query_timeout(struct hostapd_data * hapd,struct sta_info * sta)1150 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
1151 {
1152 	u32 tu;
1153 	struct os_reltime now, passed;
1154 	os_get_reltime(&now);
1155 	os_reltime_sub(&now, &sta->sa_query_start, &passed);
1156 	tu = (passed.sec * 1000000 + passed.usec) / 1024;
1157 	if (hapd->conf->assoc_sa_query_max_timeout < tu) {
1158 		hostapd_logger(hapd, sta->addr,
1159 			       HOSTAPD_MODULE_IEEE80211,
1160 			       HOSTAPD_LEVEL_DEBUG,
1161 			       "association SA Query timed out");
1162 		sta->sa_query_timed_out = 1;
1163 		os_free(sta->sa_query_trans_id);
1164 		sta->sa_query_trans_id = NULL;
1165 		sta->sa_query_count = 0;
1166 		eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1167 		return 1;
1168 	}
1169 
1170 	return 0;
1171 }
1172 
1173 
ap_sa_query_timer(void * eloop_ctx,void * timeout_ctx)1174 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1175 {
1176 	struct hostapd_data *hapd = eloop_ctx;
1177 	struct sta_info *sta = timeout_ctx;
1178 	unsigned int timeout, sec, usec;
1179 	u8 *trans_id, *nbuf;
1180 
1181 	wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
1182 		   " (count=%d)",
1183 		   hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
1184 
1185 	if (sta->sa_query_count > 0 &&
1186 	    ap_check_sa_query_timeout(hapd, sta))
1187 		return;
1188 	if (sta->sa_query_count >= 1000)
1189 		return;
1190 
1191 	nbuf = os_realloc_array(sta->sa_query_trans_id,
1192 				sta->sa_query_count + 1,
1193 				WLAN_SA_QUERY_TR_ID_LEN);
1194 	if (nbuf == NULL)
1195 		return;
1196 	if (sta->sa_query_count == 0) {
1197 		/* Starting a new SA Query procedure */
1198 		os_get_reltime(&sta->sa_query_start);
1199 	}
1200 	trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1201 	sta->sa_query_trans_id = nbuf;
1202 	sta->sa_query_count++;
1203 
1204 	if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
1205 		/*
1206 		 * We don't really care which ID is used here, so simply
1207 		 * hardcode this if the mostly theoretical os_get_random()
1208 		 * failure happens.
1209 		 */
1210 		trans_id[0] = 0x12;
1211 		trans_id[1] = 0x34;
1212 	}
1213 
1214 	timeout = hapd->conf->assoc_sa_query_retry_timeout;
1215 	sec = ((timeout / 1000) * 1024) / 1000;
1216 	usec = (timeout % 1000) * 1024;
1217 	eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
1218 
1219 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1220 		       HOSTAPD_LEVEL_DEBUG,
1221 		       "association SA Query attempt %d", sta->sa_query_count);
1222 
1223 	ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
1224 }
1225 
1226 
ap_sta_start_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1227 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1228 {
1229 	ap_sa_query_timer(hapd, sta);
1230 }
1231 
1232 
ap_sta_stop_sa_query(struct hostapd_data * hapd,struct sta_info * sta)1233 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1234 {
1235 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1236 	os_free(sta->sa_query_trans_id);
1237 	sta->sa_query_trans_id = NULL;
1238 	sta->sa_query_count = 0;
1239 }
1240 
1241 
ap_sta_wpa_get_keyid(struct hostapd_data * hapd,struct sta_info * sta)1242 const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
1243 				  struct sta_info *sta)
1244 {
1245 	struct hostapd_wpa_psk *psk;
1246 	struct hostapd_ssid *ssid;
1247 	const u8 *pmk;
1248 	int pmk_len;
1249 
1250 	ssid = &hapd->conf->ssid;
1251 
1252 	pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
1253 	if (!pmk || pmk_len != PMK_LEN)
1254 		return NULL;
1255 
1256 	for (psk = ssid->wpa_psk; psk; psk = psk->next)
1257 		if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0)
1258 			break;
1259 	if (!psk || !psk->keyid[0])
1260 		return NULL;
1261 
1262 	return psk->keyid;
1263 }
1264 
1265 
ap_sta_wpa_get_dpp_pkhash(struct hostapd_data * hapd,struct sta_info * sta)1266 const u8 * ap_sta_wpa_get_dpp_pkhash(struct hostapd_data *hapd,
1267 				     struct sta_info *sta)
1268 {
1269 	return wpa_auth_get_dpp_pkhash(sta->wpa_sm);
1270 }
1271 
1272 
ap_sta_set_authorized(struct hostapd_data * hapd,struct sta_info * sta,int authorized)1273 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
1274 			   int authorized)
1275 {
1276 	const u8 *dev_addr = NULL;
1277 	char buf[100];
1278 #ifdef CONFIG_P2P
1279 	u8 addr[ETH_ALEN];
1280 	u8 ip_addr_buf[4];
1281 #endif /* CONFIG_P2P */
1282 
1283 	if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
1284 		return;
1285 
1286 	if (authorized) {
1287 		hostapd_prune_associations(hapd, sta->addr);
1288 		sta->flags |= WLAN_STA_AUTHORIZED;
1289 	} else {
1290 		sta->flags &= ~WLAN_STA_AUTHORIZED;
1291 	}
1292 
1293 #ifdef CONFIG_P2P
1294 	if (hapd->p2p_group == NULL) {
1295 		if (sta->p2p_ie != NULL &&
1296 		    p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
1297 			dev_addr = addr;
1298 	} else
1299 		dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
1300 
1301 	if (dev_addr)
1302 		os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
1303 			    MAC2STR(sta->addr), MAC2STR(dev_addr));
1304 	else
1305 #endif /* CONFIG_P2P */
1306 		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
1307 
1308 	if (hapd->sta_authorized_cb)
1309 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
1310 					sta->addr, authorized, dev_addr);
1311 
1312 	if (authorized) {
1313 		const u8 *dpp_pkhash;
1314 		const char *keyid;
1315 		char dpp_pkhash_buf[100];
1316 		char keyid_buf[100];
1317 		char ip_addr[100];
1318 
1319 		dpp_pkhash_buf[0] = '\0';
1320 		keyid_buf[0] = '\0';
1321 		ip_addr[0] = '\0';
1322 #ifdef CONFIG_P2P
1323 		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
1324 			os_snprintf(ip_addr, sizeof(ip_addr),
1325 				    " ip_addr=%u.%u.%u.%u",
1326 				    ip_addr_buf[0], ip_addr_buf[1],
1327 				    ip_addr_buf[2], ip_addr_buf[3]);
1328 		}
1329 #endif /* CONFIG_P2P */
1330 
1331 		keyid = ap_sta_wpa_get_keyid(hapd, sta);
1332 		if (keyid) {
1333 			os_snprintf(keyid_buf, sizeof(keyid_buf),
1334 				    " keyid=%s", keyid);
1335 		}
1336 
1337 		dpp_pkhash = ap_sta_wpa_get_dpp_pkhash(hapd, sta);
1338 		if (dpp_pkhash) {
1339 			const char *prefix = " dpp_pkhash=";
1340 			size_t plen = os_strlen(prefix);
1341 
1342 			os_strlcpy(dpp_pkhash_buf, prefix,
1343 				   sizeof(dpp_pkhash_buf));
1344 			wpa_snprintf_hex(&dpp_pkhash_buf[plen],
1345 					 sizeof(dpp_pkhash_buf) - plen,
1346 					 dpp_pkhash, SHA256_MAC_LEN);
1347 		}
1348 
1349 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
1350 			buf, ip_addr, keyid_buf, dpp_pkhash_buf);
1351 
1352 		if (hapd->msg_ctx_parent &&
1353 		    hapd->msg_ctx_parent != hapd->msg_ctx)
1354 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1355 					  AP_STA_CONNECTED "%s%s%s%s",
1356 					  buf, ip_addr, keyid_buf,
1357 					  dpp_pkhash_buf);
1358 	} else {
1359 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
1360 
1361 		if (hapd->msg_ctx_parent &&
1362 		    hapd->msg_ctx_parent != hapd->msg_ctx)
1363 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1364 					  AP_STA_DISCONNECTED "%s", buf);
1365 	}
1366 
1367 #ifdef CONFIG_FST
1368 	if (hapd->iface->fst) {
1369 		if (authorized)
1370 			fst_notify_peer_connected(hapd->iface->fst, sta->addr);
1371 		else
1372 			fst_notify_peer_disconnected(hapd->iface->fst,
1373 						     sta->addr);
1374 	}
1375 #endif /* CONFIG_FST */
1376 }
1377 
1378 
ap_sta_disconnect(struct hostapd_data * hapd,struct sta_info * sta,const u8 * addr,u16 reason)1379 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
1380 		       const u8 *addr, u16 reason)
1381 {
1382 	if (sta)
1383 		wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
1384 			   hapd->conf->iface, __func__, MAC2STR(sta->addr),
1385 			   reason);
1386 	else if (addr)
1387 		wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
1388 			   hapd->conf->iface, __func__, MAC2STR(addr),
1389 			   reason);
1390 
1391 	if (sta == NULL && addr)
1392 		sta = ap_get_sta(hapd, addr);
1393 
1394 	if (addr)
1395 		hostapd_drv_sta_deauth(hapd, addr, reason);
1396 
1397 	if (sta == NULL)
1398 		return;
1399 	ap_sta_set_authorized(hapd, sta, 0);
1400 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1401 	hostapd_set_sta_flags(hapd, sta);
1402 	wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
1403 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1404 	wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
1405 		   "for " MACSTR " (%d seconds - "
1406 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
1407 		   hapd->conf->iface, __func__, MAC2STR(sta->addr),
1408 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
1409 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
1410 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
1411 			       ap_handle_timer, hapd, sta);
1412 	sta->timeout_next = STA_REMOVE;
1413 
1414 	if (hapd->iface->current_mode &&
1415 	    hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
1416 		/* Deauthentication is not used in DMG/IEEE 802.11ad;
1417 		 * disassociate the STA instead. */
1418 		sta->disassoc_reason = reason;
1419 		sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
1420 		eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1421 		eloop_register_timeout(hapd->iface->drv_flags &
1422 				       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ?
1423 				       2 : 0, 0, ap_sta_disassoc_cb_timeout,
1424 				       hapd, sta);
1425 		return;
1426 	}
1427 
1428 	sta->deauth_reason = reason;
1429 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
1430 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1431 	eloop_register_timeout(hapd->iface->drv_flags &
1432 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
1433 			       ap_sta_deauth_cb_timeout, hapd, sta);
1434 }
1435 
1436 
ap_sta_deauth_cb(struct hostapd_data * hapd,struct sta_info * sta)1437 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
1438 {
1439 	if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
1440 		wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
1441 		return;
1442 	}
1443 	sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
1444 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1445 	ap_sta_deauth_cb_timeout(hapd, sta);
1446 }
1447 
1448 
ap_sta_disassoc_cb(struct hostapd_data * hapd,struct sta_info * sta)1449 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
1450 {
1451 	if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
1452 		wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
1453 		return;
1454 	}
1455 	sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
1456 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1457 	ap_sta_disassoc_cb_timeout(hapd, sta);
1458 }
1459 
1460 
ap_sta_clear_disconnect_timeouts(struct hostapd_data * hapd,struct sta_info * sta)1461 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
1462 				      struct sta_info *sta)
1463 {
1464 	if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
1465 		wpa_printf(MSG_DEBUG,
1466 			   "%s: Removed ap_sta_deauth_cb_timeout timeout for "
1467 			   MACSTR,
1468 			   hapd->conf->iface, MAC2STR(sta->addr));
1469 	if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
1470 		wpa_printf(MSG_DEBUG,
1471 			   "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
1472 			   MACSTR,
1473 			   hapd->conf->iface, MAC2STR(sta->addr));
1474 	if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0)
1475 	{
1476 		wpa_printf(MSG_DEBUG,
1477 			   "%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for "
1478 			   MACSTR,
1479 			   hapd->conf->iface, MAC2STR(sta->addr));
1480 		if (sta->flags & WLAN_STA_WPS)
1481 			hostapd_wps_eap_completed(hapd);
1482 	}
1483 }
1484 
1485 
ap_sta_flags_txt(u32 flags,char * buf,size_t buflen)1486 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
1487 {
1488 	int res;
1489 
1490 	buf[0] = '\0';
1491 	res = os_snprintf(buf, buflen,
1492 			  "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1493 			  (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
1494 			  (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
1495 			  (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
1496 			  (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
1497 			   ""),
1498 			  (flags & WLAN_STA_SHORT_PREAMBLE ?
1499 			   "[SHORT_PREAMBLE]" : ""),
1500 			  (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
1501 			  (flags & WLAN_STA_WMM ? "[WMM]" : ""),
1502 			  (flags & WLAN_STA_MFP ? "[MFP]" : ""),
1503 			  (flags & WLAN_STA_WPS ? "[WPS]" : ""),
1504 			  (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
1505 			  (flags & WLAN_STA_WDS ? "[WDS]" : ""),
1506 			  (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
1507 			  (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
1508 			  (flags & WLAN_STA_GAS ? "[GAS]" : ""),
1509 			  (flags & WLAN_STA_HT ? "[HT]" : ""),
1510 			  (flags & WLAN_STA_VHT ? "[VHT]" : ""),
1511 			  (flags & WLAN_STA_HE ? "[HE]" : ""),
1512 			  (flags & WLAN_STA_EHT ? "[EHT]" : ""),
1513 			  (flags & WLAN_STA_6GHZ ? "[6GHZ]" : ""),
1514 			  (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
1515 			  (flags & WLAN_STA_WNM_SLEEP_MODE ?
1516 			   "[WNM_SLEEP_MODE]" : ""));
1517 	if (os_snprintf_error(buflen, res))
1518 		res = -1;
1519 
1520 	return res;
1521 }
1522 
1523 
ap_sta_delayed_1x_auth_fail_cb(void * eloop_ctx,void * timeout_ctx)1524 static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
1525 {
1526 	struct hostapd_data *hapd = eloop_ctx;
1527 	struct sta_info *sta = timeout_ctx;
1528 	u16 reason;
1529 
1530 	wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1531 		"IEEE 802.1X: Scheduled disconnection of " MACSTR
1532 		" after EAP-Failure", MAC2STR(sta->addr));
1533 
1534 	reason = sta->disconnect_reason_code;
1535 	if (!reason)
1536 		reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
1537 	ap_sta_disconnect(hapd, sta, sta->addr, reason);
1538 	if (sta->flags & WLAN_STA_WPS)
1539 		hostapd_wps_eap_completed(hapd);
1540 }
1541 
1542 
ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta,unsigned timeout)1543 void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1544 					    struct sta_info *sta,
1545 					    unsigned timeout)
1546 {
1547 	wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
1548 		"IEEE 802.1X: Force disconnection of " MACSTR
1549 		" after EAP-Failure in %u ms", MAC2STR(sta->addr), timeout);
1550 
1551 	/*
1552 	 * Add a small sleep to increase likelihood of previously requested
1553 	 * EAP-Failure TX getting out before this should the driver reorder
1554 	 * operations.
1555 	 */
1556 	eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
1557 	eloop_register_timeout(0, timeout * 1000,
1558 			       ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
1559 }
1560 
1561 
ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data * hapd,struct sta_info * sta)1562 int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
1563 						   struct sta_info *sta)
1564 {
1565 	return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
1566 					   hapd, sta);
1567 }
1568 
1569 
ap_sta_re_add(struct hostapd_data * hapd,struct sta_info * sta)1570 int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta)
1571 {
1572 	/*
1573 	 * If a station that is already associated to the AP, is trying to
1574 	 * authenticate again, remove the STA entry, in order to make sure the
1575 	 * STA PS state gets cleared and configuration gets updated. To handle
1576 	 * this, station's added_unassoc flag is cleared once the station has
1577 	 * completed association.
1578 	 */
1579 	ap_sta_set_authorized(hapd, sta, 0);
1580 	hostapd_drv_sta_remove(hapd, sta->addr);
1581 	sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED);
1582 
1583 	if (hostapd_sta_add(hapd, sta->addr, 0, 0,
1584 			    sta->supported_rates,
1585 			    sta->supported_rates_len,
1586 			    0, NULL, NULL, NULL, 0, NULL, 0, NULL,
1587 			    sta->flags, 0, 0, 0, 0)) {
1588 		hostapd_logger(hapd, sta->addr,
1589 			       HOSTAPD_MODULE_IEEE80211,
1590 			       HOSTAPD_LEVEL_NOTICE,
1591 			       "Could not add STA to kernel driver");
1592 		return -1;
1593 	}
1594 
1595 	sta->added_unassoc = 1;
1596 	return 0;
1597 }
1598