1 /*
2 * hostapd / IEEE 802.11 Management
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #ifndef CONFIG_NATIVE_WINDOWS
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "crypto/crypto.h"
16 #include "crypto/sha256.h"
17 #include "crypto/random.h"
18 #include "common/ieee802_11_defs.h"
19 #include "common/ieee802_11_common.h"
20 #include "common/wpa_ctrl.h"
21 #include "common/sae.h"
22 #include "radius/radius.h"
23 #include "radius/radius_client.h"
24 #include "p2p/p2p.h"
25 #include "wps/wps.h"
26 #include "fst/fst.h"
27 #include "hostapd.h"
28 #include "beacon.h"
29 #include "ieee802_11_auth.h"
30 #include "sta_info.h"
31 #include "ieee802_1x.h"
32 #include "wpa_auth.h"
33 #include "pmksa_cache_auth.h"
34 #include "wmm.h"
35 #include "ap_list.h"
36 #include "accounting.h"
37 #include "ap_config.h"
38 #include "ap_mlme.h"
39 #include "p2p_hostapd.h"
40 #include "ap_drv_ops.h"
41 #include "wnm_ap.h"
42 #include "hw_features.h"
43 #include "ieee802_11.h"
44 #include "dfs.h"
45 #include "mbo_ap.h"
46 #include "rrm.h"
47 #include "taxonomy.h"
48 #include "fils_hlp.h"
49
50
hostapd_eid_supp_rates(struct hostapd_data * hapd,u8 * eid)51 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
52 {
53 u8 *pos = eid;
54 int i, num, count;
55
56 if (hapd->iface->current_rates == NULL)
57 return eid;
58
59 *pos++ = WLAN_EID_SUPP_RATES;
60 num = hapd->iface->num_rates;
61 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
62 num++;
63 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
64 num++;
65 if (num > 8) {
66 /* rest of the rates are encoded in Extended supported
67 * rates element */
68 num = 8;
69 }
70
71 *pos++ = num;
72 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
73 i++) {
74 count++;
75 *pos = hapd->iface->current_rates[i].rate / 5;
76 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
77 *pos |= 0x80;
78 pos++;
79 }
80
81 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
82 count++;
83 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
84 }
85
86 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
87 count++;
88 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
89 }
90
91 return pos;
92 }
93
94
hostapd_eid_ext_supp_rates(struct hostapd_data * hapd,u8 * eid)95 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
96 {
97 u8 *pos = eid;
98 int i, num, count;
99
100 if (hapd->iface->current_rates == NULL)
101 return eid;
102
103 num = hapd->iface->num_rates;
104 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
105 num++;
106 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
107 num++;
108 if (num <= 8)
109 return eid;
110 num -= 8;
111
112 *pos++ = WLAN_EID_EXT_SUPP_RATES;
113 *pos++ = num;
114 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
115 i++) {
116 count++;
117 if (count <= 8)
118 continue; /* already in SuppRates IE */
119 *pos = hapd->iface->current_rates[i].rate / 5;
120 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
121 *pos |= 0x80;
122 pos++;
123 }
124
125 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
126 count++;
127 if (count > 8)
128 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
129 }
130
131 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
132 count++;
133 if (count > 8)
134 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
135 }
136
137 return pos;
138 }
139
140
hostapd_own_capab_info(struct hostapd_data * hapd)141 u16 hostapd_own_capab_info(struct hostapd_data *hapd)
142 {
143 int capab = WLAN_CAPABILITY_ESS;
144 int privacy;
145 int dfs;
146 int i;
147
148 /* Check if any of configured channels require DFS */
149 dfs = hostapd_is_dfs_required(hapd->iface);
150 if (dfs < 0) {
151 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
152 dfs);
153 dfs = 0;
154 }
155
156 if (hapd->iface->num_sta_no_short_preamble == 0 &&
157 hapd->iconf->preamble == SHORT_PREAMBLE)
158 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
159
160 privacy = hapd->conf->ssid.wep.keys_set;
161
162 if (hapd->conf->ieee802_1x &&
163 (hapd->conf->default_wep_key_len ||
164 hapd->conf->individual_wep_key_len))
165 privacy = 1;
166
167 if (hapd->conf->wpa)
168 privacy = 1;
169
170 #ifdef CONFIG_HS20
171 if (hapd->conf->osen)
172 privacy = 1;
173 #endif /* CONFIG_HS20 */
174
175 if (privacy)
176 capab |= WLAN_CAPABILITY_PRIVACY;
177
178 if (hapd->iface->current_mode &&
179 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
180 hapd->iface->num_sta_no_short_slot_time == 0)
181 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
182
183 /*
184 * Currently, Spectrum Management capability bit is set when directly
185 * requested in configuration by spectrum_mgmt_required or when AP is
186 * running on DFS channel.
187 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
188 */
189 if (hapd->iface->current_mode &&
190 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
191 (hapd->iconf->spectrum_mgmt_required || dfs))
192 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
193
194 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
195 if (hapd->conf->radio_measurements[i]) {
196 capab |= IEEE80211_CAP_RRM;
197 break;
198 }
199 }
200
201 return capab;
202 }
203
204
205 #ifndef CONFIG_NO_RC4
auth_shared_key(struct hostapd_data * hapd,struct sta_info * sta,u16 auth_transaction,const u8 * challenge,int iswep)206 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
207 u16 auth_transaction, const u8 *challenge,
208 int iswep)
209 {
210 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
211 HOSTAPD_LEVEL_DEBUG,
212 "authentication (shared key, transaction %d)",
213 auth_transaction);
214
215 if (auth_transaction == 1) {
216 if (!sta->challenge) {
217 /* Generate a pseudo-random challenge */
218 u8 key[8];
219
220 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
221 if (sta->challenge == NULL)
222 return WLAN_STATUS_UNSPECIFIED_FAILURE;
223
224 if (os_get_random(key, sizeof(key)) < 0) {
225 os_free(sta->challenge);
226 sta->challenge = NULL;
227 return WLAN_STATUS_UNSPECIFIED_FAILURE;
228 }
229
230 rc4_skip(key, sizeof(key), 0,
231 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
232 }
233 return 0;
234 }
235
236 if (auth_transaction != 3)
237 return WLAN_STATUS_UNSPECIFIED_FAILURE;
238
239 /* Transaction 3 */
240 if (!iswep || !sta->challenge || !challenge ||
241 os_memcmp_const(sta->challenge, challenge,
242 WLAN_AUTH_CHALLENGE_LEN)) {
243 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
244 HOSTAPD_LEVEL_INFO,
245 "shared key authentication - invalid "
246 "challenge-response");
247 return WLAN_STATUS_CHALLENGE_FAIL;
248 }
249
250 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
251 HOSTAPD_LEVEL_DEBUG,
252 "authentication OK (shared key)");
253 sta->flags |= WLAN_STA_AUTH;
254 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
255 os_free(sta->challenge);
256 sta->challenge = NULL;
257
258 return 0;
259 }
260 #endif /* CONFIG_NO_RC4 */
261
262
send_auth_reply(struct hostapd_data * hapd,const u8 * dst,const u8 * bssid,u16 auth_alg,u16 auth_transaction,u16 resp,const u8 * ies,size_t ies_len)263 static int send_auth_reply(struct hostapd_data *hapd,
264 const u8 *dst, const u8 *bssid,
265 u16 auth_alg, u16 auth_transaction, u16 resp,
266 const u8 *ies, size_t ies_len)
267 {
268 struct ieee80211_mgmt *reply;
269 u8 *buf;
270 size_t rlen;
271 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
272
273 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
274 buf = os_zalloc(rlen);
275 if (buf == NULL)
276 return -1;
277
278 reply = (struct ieee80211_mgmt *) buf;
279 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
280 WLAN_FC_STYPE_AUTH);
281 os_memcpy(reply->da, dst, ETH_ALEN);
282 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
283 os_memcpy(reply->bssid, bssid, ETH_ALEN);
284
285 reply->u.auth.auth_alg = host_to_le16(auth_alg);
286 reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
287 reply->u.auth.status_code = host_to_le16(resp);
288
289 if (ies && ies_len)
290 os_memcpy(reply->u.auth.variable, ies, ies_len);
291
292 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
293 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
294 MAC2STR(dst), auth_alg, auth_transaction,
295 resp, (unsigned long) ies_len);
296 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0)
297 wpa_printf(MSG_INFO, "send_auth_reply: send failed");
298 else
299 reply_res = WLAN_STATUS_SUCCESS;
300
301 os_free(buf);
302
303 return reply_res;
304 }
305
306
307 #ifdef CONFIG_IEEE80211R_AP
handle_auth_ft_finish(void * ctx,const u8 * dst,const u8 * bssid,u16 auth_transaction,u16 status,const u8 * ies,size_t ies_len)308 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
309 u16 auth_transaction, u16 status,
310 const u8 *ies, size_t ies_len)
311 {
312 struct hostapd_data *hapd = ctx;
313 struct sta_info *sta;
314 int reply_res;
315
316 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT,
317 auth_transaction, status, ies, ies_len);
318
319 sta = ap_get_sta(hapd, dst);
320 if (sta == NULL)
321 return;
322
323 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
324 status != WLAN_STATUS_SUCCESS)) {
325 hostapd_drv_sta_remove(hapd, sta->addr);
326 sta->added_unassoc = 0;
327 return;
328 }
329
330 if (status != WLAN_STATUS_SUCCESS)
331 return;
332
333 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
334 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
335 sta->flags |= WLAN_STA_AUTH;
336 mlme_authenticate_indication(hapd, sta);
337 }
338 #endif /* CONFIG_IEEE80211R_AP */
339
340
341 #ifdef CONFIG_SAE
342
343 #define dot11RSNASAESync 5 /* attempts */
344
345
auth_build_sae_commit(struct hostapd_data * hapd,struct sta_info * sta,int update)346 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
347 struct sta_info *sta, int update)
348 {
349 struct wpabuf *buf;
350
351 if (hapd->conf->ssid.wpa_passphrase == NULL) {
352 wpa_printf(MSG_DEBUG, "SAE: No password available");
353 return NULL;
354 }
355
356 if (update &&
357 sae_prepare_commit(hapd->own_addr, sta->addr,
358 (u8 *) hapd->conf->ssid.wpa_passphrase,
359 os_strlen(hapd->conf->ssid.wpa_passphrase),
360 sta->sae) < 0) {
361 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
362 return NULL;
363 }
364
365 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN);
366 if (buf == NULL)
367 return NULL;
368 sae_write_commit(sta->sae, buf, sta->sae->tmp ?
369 sta->sae->tmp->anti_clogging_token : NULL);
370
371 return buf;
372 }
373
374
auth_build_sae_confirm(struct hostapd_data * hapd,struct sta_info * sta)375 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
376 struct sta_info *sta)
377 {
378 struct wpabuf *buf;
379
380 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
381 if (buf == NULL)
382 return NULL;
383
384 sae_write_confirm(sta->sae, buf);
385
386 return buf;
387 }
388
389
auth_sae_send_commit(struct hostapd_data * hapd,struct sta_info * sta,const u8 * bssid,int update)390 static int auth_sae_send_commit(struct hostapd_data *hapd,
391 struct sta_info *sta,
392 const u8 *bssid, int update)
393 {
394 struct wpabuf *data;
395 int reply_res;
396
397 data = auth_build_sae_commit(hapd, sta, update);
398 if (data == NULL)
399 return WLAN_STATUS_UNSPECIFIED_FAILURE;
400
401 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1,
402 WLAN_STATUS_SUCCESS, wpabuf_head(data),
403 wpabuf_len(data));
404
405 wpabuf_free(data);
406
407 return reply_res;
408 }
409
410
auth_sae_send_confirm(struct hostapd_data * hapd,struct sta_info * sta,const u8 * bssid)411 static int auth_sae_send_confirm(struct hostapd_data *hapd,
412 struct sta_info *sta,
413 const u8 *bssid)
414 {
415 struct wpabuf *data;
416 int reply_res;
417
418 data = auth_build_sae_confirm(hapd, sta);
419 if (data == NULL)
420 return WLAN_STATUS_UNSPECIFIED_FAILURE;
421
422 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2,
423 WLAN_STATUS_SUCCESS, wpabuf_head(data),
424 wpabuf_len(data));
425
426 wpabuf_free(data);
427
428 return reply_res;
429 }
430
431
use_sae_anti_clogging(struct hostapd_data * hapd)432 static int use_sae_anti_clogging(struct hostapd_data *hapd)
433 {
434 struct sta_info *sta;
435 unsigned int open = 0;
436
437 if (hapd->conf->sae_anti_clogging_threshold == 0)
438 return 1;
439
440 for (sta = hapd->sta_list; sta; sta = sta->next) {
441 if (!sta->sae)
442 continue;
443 if (sta->sae->state != SAE_COMMITTED &&
444 sta->sae->state != SAE_CONFIRMED)
445 continue;
446 open++;
447 if (open >= hapd->conf->sae_anti_clogging_threshold)
448 return 1;
449 }
450
451 return 0;
452 }
453
454
check_sae_token(struct hostapd_data * hapd,const u8 * addr,const u8 * token,size_t token_len)455 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
456 const u8 *token, size_t token_len)
457 {
458 u8 mac[SHA256_MAC_LEN];
459
460 if (token_len != SHA256_MAC_LEN)
461 return -1;
462 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
463 addr, ETH_ALEN, mac) < 0 ||
464 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
465 return -1;
466
467 return 0;
468 }
469
470
auth_build_token_req(struct hostapd_data * hapd,int group,const u8 * addr)471 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
472 int group, const u8 *addr)
473 {
474 struct wpabuf *buf;
475 u8 *token;
476 struct os_reltime now;
477
478 os_get_reltime(&now);
479 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) ||
480 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) {
481 if (random_get_bytes(hapd->sae_token_key,
482 sizeof(hapd->sae_token_key)) < 0)
483 return NULL;
484 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key",
485 hapd->sae_token_key, sizeof(hapd->sae_token_key));
486 hapd->last_sae_token_key_update = now;
487 }
488
489 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN);
490 if (buf == NULL)
491 return NULL;
492
493 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */
494
495 token = wpabuf_put(buf, SHA256_MAC_LEN);
496 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
497 addr, ETH_ALEN, token);
498
499 return buf;
500 }
501
502
sae_check_big_sync(struct sta_info * sta)503 static int sae_check_big_sync(struct sta_info *sta)
504 {
505 if (sta->sae->sync > dot11RSNASAESync) {
506 sta->sae->state = SAE_NOTHING;
507 sta->sae->sync = 0;
508 return -1;
509 }
510 return 0;
511 }
512
513
auth_sae_retransmit_timer(void * eloop_ctx,void * eloop_data)514 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
515 {
516 struct hostapd_data *hapd = eloop_ctx;
517 struct sta_info *sta = eloop_data;
518 int ret;
519
520 if (sae_check_big_sync(sta))
521 return;
522 sta->sae->sync++;
523 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
524 " (sync=%d state=%d)",
525 MAC2STR(sta->addr), sta->sae->sync, sta->sae->state);
526
527 switch (sta->sae->state) {
528 case SAE_COMMITTED:
529 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
530 eloop_register_timeout(0,
531 hapd->dot11RSNASAERetransPeriod * 1000,
532 auth_sae_retransmit_timer, hapd, sta);
533 break;
534 case SAE_CONFIRMED:
535 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
536 eloop_register_timeout(0,
537 hapd->dot11RSNASAERetransPeriod * 1000,
538 auth_sae_retransmit_timer, hapd, sta);
539 break;
540 default:
541 ret = -1;
542 break;
543 }
544
545 if (ret != WLAN_STATUS_SUCCESS)
546 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
547 }
548
549
sae_clear_retransmit_timer(struct hostapd_data * hapd,struct sta_info * sta)550 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
551 {
552 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
553 }
554
555
sae_set_retransmit_timer(struct hostapd_data * hapd,struct sta_info * sta)556 static void sae_set_retransmit_timer(struct hostapd_data *hapd,
557 struct sta_info *sta)
558 {
559 if (!(hapd->conf->mesh & MESH_ENABLED))
560 return;
561
562 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
563 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
564 auth_sae_retransmit_timer, hapd, sta);
565 }
566
567
sae_accept_sta(struct hostapd_data * hapd,struct sta_info * sta)568 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
569 {
570 sta->flags |= WLAN_STA_AUTH;
571 sta->auth_alg = WLAN_AUTH_SAE;
572 mlme_authenticate_indication(hapd, sta);
573 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
574 sta->sae->state = SAE_ACCEPTED;
575 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
576 sta->sae->pmk, sta->sae->pmkid);
577 }
578
579
sae_sm_step(struct hostapd_data * hapd,struct sta_info * sta,const u8 * bssid,u8 auth_transaction)580 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
581 const u8 *bssid, u8 auth_transaction)
582 {
583 int ret;
584
585 if (auth_transaction != 1 && auth_transaction != 2)
586 return WLAN_STATUS_UNSPECIFIED_FAILURE;
587
588 switch (sta->sae->state) {
589 case SAE_NOTHING:
590 if (auth_transaction == 1) {
591 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
592 if (ret)
593 return ret;
594 sta->sae->state = SAE_COMMITTED;
595
596 if (sae_process_commit(sta->sae) < 0)
597 return WLAN_STATUS_UNSPECIFIED_FAILURE;
598
599 /*
600 * In mesh case, both Commit and Confirm can be sent
601 * immediately. In infrastructure BSS, only a single
602 * Authentication frame (Commit) is expected from the AP
603 * here and the second one (Confirm) will be sent once
604 * the STA has sent its second Authentication frame
605 * (Confirm).
606 */
607 if (hapd->conf->mesh & MESH_ENABLED) {
608 /*
609 * Send both Commit and Confirm immediately
610 * based on SAE finite state machine
611 * Nothing -> Confirm transition.
612 */
613 ret = auth_sae_send_confirm(hapd, sta, bssid);
614 if (ret)
615 return ret;
616 sta->sae->state = SAE_CONFIRMED;
617 } else {
618 /*
619 * For infrastructure BSS, send only the Commit
620 * message now to get alternating sequence of
621 * Authentication frames between the AP and STA.
622 * Confirm will be sent in
623 * Committed -> Confirmed/Accepted transition
624 * when receiving Confirm from STA.
625 */
626 }
627 sta->sae->sync = 0;
628 sae_set_retransmit_timer(hapd, sta);
629 } else {
630 hostapd_logger(hapd, sta->addr,
631 HOSTAPD_MODULE_IEEE80211,
632 HOSTAPD_LEVEL_DEBUG,
633 "SAE confirm before commit");
634 }
635 break;
636 case SAE_COMMITTED:
637 sae_clear_retransmit_timer(hapd, sta);
638 if (auth_transaction == 1) {
639 if (sae_process_commit(sta->sae) < 0)
640 return WLAN_STATUS_UNSPECIFIED_FAILURE;
641
642 ret = auth_sae_send_confirm(hapd, sta, bssid);
643 if (ret)
644 return ret;
645 sta->sae->state = SAE_CONFIRMED;
646 sta->sae->sync = 0;
647 sae_set_retransmit_timer(hapd, sta);
648 } else if (hapd->conf->mesh & MESH_ENABLED) {
649 /*
650 * In mesh case, follow SAE finite state machine and
651 * send Commit now, if sync count allows.
652 */
653 if (sae_check_big_sync(sta))
654 return WLAN_STATUS_SUCCESS;
655 sta->sae->sync++;
656
657 ret = auth_sae_send_commit(hapd, sta, bssid, 0);
658 if (ret)
659 return ret;
660
661 sae_set_retransmit_timer(hapd, sta);
662 } else {
663 /*
664 * For instructure BSS, send the postponed Confirm from
665 * Nothing -> Confirmed transition that was reduced to
666 * Nothing -> Committed above.
667 */
668 ret = auth_sae_send_confirm(hapd, sta, bssid);
669 if (ret)
670 return ret;
671
672 sta->sae->state = SAE_CONFIRMED;
673
674 /*
675 * Since this was triggered on Confirm RX, run another
676 * step to get to Accepted without waiting for
677 * additional events.
678 */
679 return sae_sm_step(hapd, sta, bssid, auth_transaction);
680 }
681 break;
682 case SAE_CONFIRMED:
683 sae_clear_retransmit_timer(hapd, sta);
684 if (auth_transaction == 1) {
685 if (sae_check_big_sync(sta))
686 return WLAN_STATUS_SUCCESS;
687 sta->sae->sync++;
688
689 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
690 if (ret)
691 return ret;
692
693 if (sae_process_commit(sta->sae) < 0)
694 return WLAN_STATUS_UNSPECIFIED_FAILURE;
695
696 ret = auth_sae_send_confirm(hapd, sta, bssid);
697 if (ret)
698 return ret;
699
700 sae_set_retransmit_timer(hapd, sta);
701 } else {
702 sae_accept_sta(hapd, sta);
703 }
704 break;
705 case SAE_ACCEPTED:
706 if (auth_transaction == 1) {
707 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
708 ") doing reauthentication",
709 MAC2STR(sta->addr));
710 ap_free_sta(hapd, sta);
711 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
712 } else {
713 if (sae_check_big_sync(sta))
714 return WLAN_STATUS_SUCCESS;
715 sta->sae->sync++;
716
717 ret = auth_sae_send_confirm(hapd, sta, bssid);
718 sae_clear_temp_data(sta->sae);
719 if (ret)
720 return ret;
721 }
722 break;
723 default:
724 wpa_printf(MSG_ERROR, "SAE: invalid state %d",
725 sta->sae->state);
726 return WLAN_STATUS_UNSPECIFIED_FAILURE;
727 }
728 return WLAN_STATUS_SUCCESS;
729 }
730
731
sae_pick_next_group(struct hostapd_data * hapd,struct sta_info * sta)732 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
733 {
734 struct sae_data *sae = sta->sae;
735 int i, *groups = hapd->conf->sae_groups;
736
737 if (sae->state != SAE_COMMITTED)
738 return;
739
740 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
741
742 for (i = 0; groups && groups[i] > 0; i++) {
743 if (sae->group == groups[i])
744 break;
745 }
746
747 if (!groups || groups[i] <= 0) {
748 wpa_printf(MSG_DEBUG,
749 "SAE: Previously selected group not found from the current configuration");
750 return;
751 }
752
753 for (;;) {
754 i++;
755 if (groups[i] <= 0) {
756 wpa_printf(MSG_DEBUG,
757 "SAE: No alternative group enabled");
758 return;
759 }
760
761 if (sae_set_group(sae, groups[i]) < 0)
762 continue;
763
764 break;
765 }
766 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
767 }
768
769
handle_auth_sae(struct hostapd_data * hapd,struct sta_info * sta,const struct ieee80211_mgmt * mgmt,size_t len,u16 auth_transaction,u16 status_code)770 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
771 const struct ieee80211_mgmt *mgmt, size_t len,
772 u16 auth_transaction, u16 status_code)
773 {
774 int resp = WLAN_STATUS_SUCCESS;
775 struct wpabuf *data = NULL;
776
777 if (!sta->sae) {
778 if (auth_transaction != 1 ||
779 status_code != WLAN_STATUS_SUCCESS) {
780 resp = -1;
781 goto remove_sta;
782 }
783 sta->sae = os_zalloc(sizeof(*sta->sae));
784 if (!sta->sae) {
785 resp = -1;
786 goto remove_sta;
787 }
788 sta->sae->state = SAE_NOTHING;
789 sta->sae->sync = 0;
790 }
791
792 if (sta->mesh_sae_pmksa_caching) {
793 wpa_printf(MSG_DEBUG,
794 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
795 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
796 sta->mesh_sae_pmksa_caching = 0;
797 }
798
799 if (auth_transaction == 1) {
800 const u8 *token = NULL, *pos, *end;
801 size_t token_len = 0;
802 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
803 HOSTAPD_LEVEL_DEBUG,
804 "start SAE authentication (RX commit, status=%u)",
805 status_code);
806
807 if ((hapd->conf->mesh & MESH_ENABLED) &&
808 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
809 sta->sae->tmp) {
810 pos = mgmt->u.auth.variable;
811 end = ((const u8 *) mgmt) + len;
812 if (pos + sizeof(le16) > end) {
813 wpa_printf(MSG_ERROR,
814 "SAE: Too short anti-clogging token request");
815 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
816 goto reply;
817 }
818 resp = sae_group_allowed(sta->sae,
819 hapd->conf->sae_groups,
820 WPA_GET_LE16(pos));
821 if (resp != WLAN_STATUS_SUCCESS) {
822 wpa_printf(MSG_ERROR,
823 "SAE: Invalid group in anti-clogging token request");
824 goto reply;
825 }
826 pos += sizeof(le16);
827
828 wpabuf_free(sta->sae->tmp->anti_clogging_token);
829 sta->sae->tmp->anti_clogging_token =
830 wpabuf_alloc_copy(pos, end - pos);
831 if (sta->sae->tmp->anti_clogging_token == NULL) {
832 wpa_printf(MSG_ERROR,
833 "SAE: Failed to alloc for anti-clogging token");
834 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
835 goto remove_sta;
836 }
837
838 /*
839 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
840 * is 76, a new Commit Message shall be constructed
841 * with the Anti-Clogging Token from the received
842 * Authentication frame, and the commit-scalar and
843 * COMMIT-ELEMENT previously sent.
844 */
845 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0);
846 if (resp != WLAN_STATUS_SUCCESS) {
847 wpa_printf(MSG_ERROR,
848 "SAE: Failed to send commit message");
849 goto remove_sta;
850 }
851 sta->sae->state = SAE_COMMITTED;
852 sta->sae->sync = 0;
853 sae_set_retransmit_timer(hapd, sta);
854 return;
855 }
856
857 if ((hapd->conf->mesh & MESH_ENABLED) &&
858 status_code ==
859 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
860 sta->sae->tmp) {
861 wpa_printf(MSG_DEBUG,
862 "SAE: Peer did not accept our SAE group");
863 sae_pick_next_group(hapd, sta);
864 goto remove_sta;
865 }
866
867 if (status_code != WLAN_STATUS_SUCCESS)
868 goto remove_sta;
869
870 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
871 ((const u8 *) mgmt) + len -
872 mgmt->u.auth.variable, &token,
873 &token_len, hapd->conf->sae_groups);
874 if (resp == SAE_SILENTLY_DISCARD) {
875 wpa_printf(MSG_DEBUG,
876 "SAE: Drop commit message from " MACSTR " due to reflection attack",
877 MAC2STR(sta->addr));
878 goto remove_sta;
879 }
880 if (token && check_sae_token(hapd, sta->addr, token, token_len)
881 < 0) {
882 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
883 "incorrect token from " MACSTR,
884 MAC2STR(sta->addr));
885 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
886 goto remove_sta;
887 }
888
889 if (resp != WLAN_STATUS_SUCCESS)
890 goto reply;
891
892 if (!token && use_sae_anti_clogging(hapd)) {
893 wpa_printf(MSG_DEBUG,
894 "SAE: Request anti-clogging token from "
895 MACSTR, MAC2STR(sta->addr));
896 data = auth_build_token_req(hapd, sta->sae->group,
897 sta->addr);
898 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
899 if (hapd->conf->mesh & MESH_ENABLED)
900 sta->sae->state = SAE_NOTHING;
901 goto reply;
902 }
903
904 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
905 } else if (auth_transaction == 2) {
906 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
907 HOSTAPD_LEVEL_DEBUG,
908 "SAE authentication (RX confirm, status=%u)",
909 status_code);
910 if (status_code != WLAN_STATUS_SUCCESS)
911 goto remove_sta;
912 if (sta->sae->state >= SAE_CONFIRMED ||
913 !(hapd->conf->mesh & MESH_ENABLED)) {
914 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,
915 ((u8 *) mgmt) + len -
916 mgmt->u.auth.variable) < 0) {
917 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
918 goto reply;
919 }
920 }
921 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
922 } else {
923 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
924 HOSTAPD_LEVEL_DEBUG,
925 "unexpected SAE authentication transaction %u (status=%u)",
926 auth_transaction, status_code);
927 if (status_code != WLAN_STATUS_SUCCESS)
928 goto remove_sta;
929 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
930 }
931
932 reply:
933 if (resp != WLAN_STATUS_SUCCESS) {
934 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
935 auth_transaction, resp,
936 data ? wpabuf_head(data) : (u8 *) "",
937 data ? wpabuf_len(data) : 0);
938 }
939
940 remove_sta:
941 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
942 status_code != WLAN_STATUS_SUCCESS)) {
943 hostapd_drv_sta_remove(hapd, sta->addr);
944 sta->added_unassoc = 0;
945 }
946 wpabuf_free(data);
947 }
948
949
950 /**
951 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
952 * @hapd: BSS data for the device initiating the authentication
953 * @sta: the peer to which commit authentication frame is sent
954 *
955 * This function implements Init event handling (IEEE Std 802.11-2012,
956 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
957 * sta->sae structure should be initialized appropriately via a call to
958 * sae_prepare_commit().
959 */
auth_sae_init_committed(struct hostapd_data * hapd,struct sta_info * sta)960 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
961 {
962 int ret;
963
964 if (!sta->sae || !sta->sae->tmp)
965 return -1;
966
967 if (sta->sae->state != SAE_NOTHING)
968 return -1;
969
970 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
971 if (ret)
972 return -1;
973
974 sta->sae->state = SAE_COMMITTED;
975 sta->sae->sync = 0;
976 sae_set_retransmit_timer(hapd, sta);
977
978 return 0;
979 }
980
981 #endif /* CONFIG_SAE */
982
983
wpa_res_to_status_code(int res)984 static u16 wpa_res_to_status_code(int res)
985 {
986 if (res == WPA_INVALID_GROUP)
987 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
988 if (res == WPA_INVALID_PAIRWISE)
989 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
990 if (res == WPA_INVALID_AKMP)
991 return WLAN_STATUS_AKMP_NOT_VALID;
992 if (res == WPA_ALLOC_FAIL)
993 return WLAN_STATUS_UNSPECIFIED_FAILURE;
994 #ifdef CONFIG_IEEE80211W
995 if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
996 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
997 if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
998 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
999 #endif /* CONFIG_IEEE80211W */
1000 if (res == WPA_INVALID_MDIE)
1001 return WLAN_STATUS_INVALID_MDIE;
1002 if (res != WPA_IE_OK)
1003 return WLAN_STATUS_INVALID_IE;
1004 return WLAN_STATUS_SUCCESS;
1005 }
1006
1007
1008 #ifdef CONFIG_FILS
1009
1010 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1011 struct sta_info *sta, u16 resp,
1012 struct rsn_pmksa_cache_entry *pmksa,
1013 struct wpabuf *erp_resp,
1014 const u8 *msk, size_t msk_len);
1015
handle_auth_fils(struct hostapd_data * hapd,struct sta_info * sta,const struct ieee80211_mgmt * mgmt,size_t len,u16 auth_transaction,u16 status_code)1016 static void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
1017 const struct ieee80211_mgmt *mgmt, size_t len,
1018 u16 auth_transaction, u16 status_code)
1019 {
1020 u16 resp = WLAN_STATUS_SUCCESS;
1021 const u8 *pos, *end;
1022 struct ieee802_11_elems elems;
1023 int res;
1024 struct wpa_ie_data rsn;
1025 struct rsn_pmksa_cache_entry *pmksa = NULL;
1026
1027 if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
1028 return;
1029
1030 pos = mgmt->u.auth.variable;
1031 end = ((const u8 *) mgmt) + len;
1032
1033 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
1034 pos, end - pos);
1035
1036 /* TODO: Finite Cyclic Group when using PK or PFS */
1037 /* TODO: Element when using PK or PFS */
1038
1039 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
1040 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
1041 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
1042 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1043 goto fail;
1044 }
1045
1046 /* RSNE */
1047 wpa_hexdump(MSG_DEBUG, "FILS: RSN element",
1048 elems.rsn_ie, elems.rsn_ie_len);
1049 if (!elems.rsn_ie ||
1050 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1051 &rsn) < 0) {
1052 wpa_printf(MSG_DEBUG, "FILS: No valid RSN element");
1053 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1054 goto fail;
1055 }
1056
1057 if (!sta->wpa_sm)
1058 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
1059 NULL);
1060 if (!sta->wpa_sm) {
1061 wpa_printf(MSG_DEBUG,
1062 "FILS: Failed to initialize RSN state machine");
1063 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1064 goto fail;
1065 }
1066
1067 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
1068 elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1069 elems.mdie, elems.mdie_len);
1070 resp = wpa_res_to_status_code(res);
1071 if (resp != WLAN_STATUS_SUCCESS)
1072 goto fail;
1073
1074 /* TODO: MDE when using FILS+FT */
1075 /* TODO: FTE when using FILS+FT */
1076
1077 if (!elems.fils_nonce) {
1078 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
1079 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1080 goto fail;
1081 }
1082 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce,
1083 FILS_NONCE_LEN);
1084 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
1085
1086 /* PMKID List */
1087 if (rsn.pmkid && rsn.num_pmkid > 0) {
1088 u8 num;
1089 const u8 *pmkid;
1090
1091 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
1092 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
1093
1094 pmkid = rsn.pmkid;
1095 num = rsn.num_pmkid;
1096 while (num) {
1097 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN);
1098 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
1099 pmkid);
1100 if (pmksa)
1101 break;
1102 pmkid += PMKID_LEN;
1103 num--;
1104 }
1105 }
1106 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
1107 wpa_printf(MSG_DEBUG,
1108 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1109 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
1110 pmksa = NULL;
1111 }
1112 if (pmksa)
1113 wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry");
1114
1115 /* FILS Session */
1116 if (!elems.fils_session) {
1117 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
1118 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1119 goto fail;
1120 }
1121 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
1122 FILS_SESSION_LEN);
1123 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
1124
1125 /* FILS Wrapped Data */
1126 if (elems.fils_wrapped_data) {
1127 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
1128 elems.fils_wrapped_data,
1129 elems.fils_wrapped_data_len);
1130 if (!pmksa) {
1131 #ifndef CONFIG_NO_RADIUS
1132 if (!sta->eapol_sm) {
1133 sta->eapol_sm =
1134 ieee802_1x_alloc_eapol_sm(hapd, sta);
1135 }
1136 wpa_printf(MSG_DEBUG,
1137 "FILS: Forward EAP-Identity/Re-auth Start to authentication server");
1138 ieee802_1x_encapsulate_radius(
1139 hapd, sta, elems.fils_wrapped_data,
1140 elems.fils_wrapped_data_len);
1141 wpa_printf(MSG_DEBUG,
1142 "FILS: Will send Authentication frame once the response from authentication server is available");
1143 sta->flags |= WLAN_STA_PENDING_FILS_ERP;
1144 return;
1145 #else /* CONFIG_NO_RADIUS */
1146 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1147 goto fail;
1148 #endif /* CONFIG_NO_RADIUS */
1149 }
1150 }
1151
1152 fail:
1153 handle_auth_fils_finish(hapd, sta, resp, pmksa, NULL, NULL, 0);
1154 }
1155
1156
handle_auth_fils_finish(struct hostapd_data * hapd,struct sta_info * sta,u16 resp,struct rsn_pmksa_cache_entry * pmksa,struct wpabuf * erp_resp,const u8 * msk,size_t msk_len)1157 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1158 struct sta_info *sta, u16 resp,
1159 struct rsn_pmksa_cache_entry *pmksa,
1160 struct wpabuf *erp_resp,
1161 const u8 *msk, size_t msk_len)
1162 {
1163 u8 fils_nonce[FILS_NONCE_LEN];
1164 size_t ielen;
1165 struct wpabuf *data = NULL;
1166 const u8 *ie;
1167 u8 *ie_buf = NULL;
1168 const u8 *pmk = NULL;
1169 size_t pmk_len = 0;
1170 u8 pmk_buf[PMK_LEN_MAX];
1171
1172 if (resp != WLAN_STATUS_SUCCESS)
1173 goto fail;
1174
1175 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
1176 if (!ie) {
1177 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1178 goto fail;
1179 }
1180 if (pmksa) {
1181 /* Add PMKID of the selected PMKSA into RSNE */
1182 ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
1183 if (!ie_buf) {
1184 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1185 goto fail;
1186 }
1187 os_memcpy(ie_buf, ie, ielen);
1188 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
1189 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1190 goto fail;
1191 }
1192 ie = ie_buf;
1193 }
1194
1195 if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
1196 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1197 goto fail;
1198 }
1199 wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
1200 fils_nonce, FILS_NONCE_LEN);
1201
1202 data = wpabuf_alloc(1000 + ielen);
1203 if (!data) {
1204 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1205 goto fail;
1206 }
1207
1208 /* TODO: Finite Cyclic Group when using PK or PFS */
1209 /* TODO: Element when using PK or PFS */
1210
1211 /* RSNE */
1212 wpabuf_put_data(data, ie, ielen);
1213
1214 /* TODO: MDE when using FILS+FT */
1215 /* TODO: FTE when using FILS+FT */
1216
1217 /* FILS Nonce */
1218 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1219 wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */
1220 /* Element ID Extension */
1221 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE);
1222 wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN);
1223
1224 /* FILS Session */
1225 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1226 wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */
1227 /* Element ID Extension */
1228 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION);
1229 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
1230
1231 /* FILS Wrapped Data */
1232 if (!pmksa && erp_resp) {
1233 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1234 wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */
1235 /* Element ID Extension */
1236 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_WRAPPED_DATA);
1237 wpabuf_put_buf(data, erp_resp);
1238
1239 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1240 msk, msk_len, sta->fils_snonce, fils_nonce,
1241 NULL, 0, pmk_buf, &pmk_len)) {
1242 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
1243 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1244 wpabuf_free(data);
1245 data = NULL;
1246 goto fail;
1247 }
1248 pmk = pmk_buf;
1249 } else if (pmksa) {
1250 pmk = pmksa->pmk;
1251 pmk_len = pmksa->pmk_len;
1252 }
1253
1254 if (!pmk) {
1255 wpa_printf(MSG_DEBUG, "FILS: No PMK available");
1256 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1257 wpabuf_free(data);
1258 data = NULL;
1259 goto fail;
1260 }
1261
1262 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
1263 sta->fils_snonce, fils_nonce) < 0) {
1264 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1265 wpabuf_free(data);
1266 data = NULL;
1267 goto fail;
1268 }
1269
1270 fail:
1271 send_auth_reply(hapd, sta->addr, hapd->own_addr, WLAN_AUTH_FILS_SK, 2,
1272 resp,
1273 data ? wpabuf_head(data) : (u8 *) "",
1274 data ? wpabuf_len(data) : 0);
1275 wpabuf_free(data);
1276
1277 if (resp == WLAN_STATUS_SUCCESS) {
1278 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1279 HOSTAPD_LEVEL_DEBUG,
1280 "authentication OK (FILS)");
1281 sta->flags |= WLAN_STA_AUTH;
1282 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1283 sta->auth_alg = WLAN_AUTH_FILS_SK;
1284 mlme_authenticate_indication(hapd, sta);
1285 }
1286
1287 os_free(ie_buf);
1288 }
1289
1290
ieee802_11_finish_fils_auth(struct hostapd_data * hapd,struct sta_info * sta,int success,struct wpabuf * erp_resp,const u8 * msk,size_t msk_len)1291 void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
1292 struct sta_info *sta, int success,
1293 struct wpabuf *erp_resp,
1294 const u8 *msk, size_t msk_len)
1295 {
1296 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1297 handle_auth_fils_finish(hapd, sta, success ? WLAN_STATUS_SUCCESS :
1298 WLAN_STATUS_UNSPECIFIED_FAILURE, NULL,
1299 erp_resp, msk, msk_len);
1300 }
1301
1302 #endif /* CONFIG_FILS */
1303
1304
1305 static int
ieee802_11_allowed_address(struct hostapd_data * hapd,const u8 * addr,const u8 * msg,size_t len,u32 * session_timeout,u32 * acct_interim_interval,struct vlan_description * vlan_id,struct hostapd_sta_wpa_psk_short ** psk,char ** identity,char ** radius_cui)1306 ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
1307 const u8 *msg, size_t len, u32 *session_timeout,
1308 u32 *acct_interim_interval,
1309 struct vlan_description *vlan_id,
1310 struct hostapd_sta_wpa_psk_short **psk,
1311 char **identity, char **radius_cui)
1312 {
1313 int res;
1314
1315 os_memset(vlan_id, 0, sizeof(*vlan_id));
1316 res = hostapd_allowed_address(hapd, addr, msg, len,
1317 session_timeout, acct_interim_interval,
1318 vlan_id, psk, identity, radius_cui);
1319
1320 if (res == HOSTAPD_ACL_REJECT) {
1321 wpa_printf(MSG_INFO,
1322 "Station " MACSTR " not allowed to authenticate",
1323 MAC2STR(addr));
1324 return HOSTAPD_ACL_REJECT;
1325 }
1326
1327 if (res == HOSTAPD_ACL_PENDING) {
1328 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
1329 " waiting for an external authentication",
1330 MAC2STR(addr));
1331 /* Authentication code will re-send the authentication frame
1332 * after it has received (and cached) information from the
1333 * external source. */
1334 return HOSTAPD_ACL_PENDING;
1335 }
1336
1337 return res;
1338 }
1339
1340
1341 static int
ieee802_11_set_radius_info(struct hostapd_data * hapd,struct sta_info * sta,int res,u32 session_timeout,u32 acct_interim_interval,struct vlan_description * vlan_id,struct hostapd_sta_wpa_psk_short ** psk,char ** identity,char ** radius_cui)1342 ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
1343 int res, u32 session_timeout,
1344 u32 acct_interim_interval,
1345 struct vlan_description *vlan_id,
1346 struct hostapd_sta_wpa_psk_short **psk,
1347 char **identity, char **radius_cui)
1348 {
1349 if (vlan_id->notempty &&
1350 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
1351 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1352 HOSTAPD_LEVEL_INFO,
1353 "Invalid VLAN %d%s received from RADIUS server",
1354 vlan_id->untagged,
1355 vlan_id->tagged[0] ? "+" : "");
1356 return -1;
1357 }
1358 if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
1359 return -1;
1360 if (sta->vlan_id)
1361 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1362 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1363
1364 hostapd_free_psk_list(sta->psk);
1365 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
1366 sta->psk = *psk;
1367 *psk = NULL;
1368 } else {
1369 sta->psk = NULL;
1370 }
1371
1372 sta->identity = *identity;
1373 *identity = NULL;
1374 sta->radius_cui = *radius_cui;
1375 *radius_cui = NULL;
1376
1377 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
1378 sta->acct_interim_interval = acct_interim_interval;
1379 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
1380 ap_sta_session_timeout(hapd, sta, session_timeout);
1381 else
1382 ap_sta_no_session_timeout(hapd, sta);
1383
1384 return 0;
1385 }
1386
1387
handle_auth(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len)1388 static void handle_auth(struct hostapd_data *hapd,
1389 const struct ieee80211_mgmt *mgmt, size_t len)
1390 {
1391 u16 auth_alg, auth_transaction, status_code;
1392 u16 resp = WLAN_STATUS_SUCCESS;
1393 struct sta_info *sta = NULL;
1394 int res, reply_res;
1395 u16 fc;
1396 const u8 *challenge = NULL;
1397 u32 session_timeout, acct_interim_interval;
1398 struct vlan_description vlan_id;
1399 struct hostapd_sta_wpa_psk_short *psk = NULL;
1400 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
1401 size_t resp_ies_len = 0;
1402 char *identity = NULL;
1403 char *radius_cui = NULL;
1404 u16 seq_ctrl;
1405
1406 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
1407 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
1408 (unsigned long) len);
1409 return;
1410 }
1411
1412 #ifdef CONFIG_TESTING_OPTIONS
1413 if (hapd->iconf->ignore_auth_probability > 0.0 &&
1414 drand48() < hapd->iconf->ignore_auth_probability) {
1415 wpa_printf(MSG_INFO,
1416 "TESTING: ignoring auth frame from " MACSTR,
1417 MAC2STR(mgmt->sa));
1418 return;
1419 }
1420 #endif /* CONFIG_TESTING_OPTIONS */
1421
1422 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
1423 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
1424 status_code = le_to_host16(mgmt->u.auth.status_code);
1425 fc = le_to_host16(mgmt->frame_control);
1426 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
1427
1428 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
1429 2 + WLAN_AUTH_CHALLENGE_LEN &&
1430 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
1431 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
1432 challenge = &mgmt->u.auth.variable[2];
1433
1434 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
1435 "auth_transaction=%d status_code=%d wep=%d%s "
1436 "seq_ctrl=0x%x%s",
1437 MAC2STR(mgmt->sa), auth_alg, auth_transaction,
1438 status_code, !!(fc & WLAN_FC_ISWEP),
1439 challenge ? " challenge" : "",
1440 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
1441
1442 #ifdef CONFIG_NO_RC4
1443 if (auth_alg == WLAN_AUTH_SHARED_KEY) {
1444 wpa_printf(MSG_INFO,
1445 "Unsupported authentication algorithm (%d)",
1446 auth_alg);
1447 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1448 goto fail;
1449 }
1450 #endif /* CONFIG_NO_RC4 */
1451
1452 if (hapd->tkip_countermeasures) {
1453 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
1454 goto fail;
1455 }
1456
1457 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
1458 auth_alg == WLAN_AUTH_OPEN) ||
1459 #ifdef CONFIG_IEEE80211R_AP
1460 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
1461 auth_alg == WLAN_AUTH_FT) ||
1462 #endif /* CONFIG_IEEE80211R_AP */
1463 #ifdef CONFIG_SAE
1464 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
1465 auth_alg == WLAN_AUTH_SAE) ||
1466 #endif /* CONFIG_SAE */
1467 #ifdef CONFIG_FILS
1468 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1469 auth_alg == WLAN_AUTH_FILS_SK) ||
1470 #endif /* CONFIG_FILS */
1471 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
1472 auth_alg == WLAN_AUTH_SHARED_KEY))) {
1473 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
1474 auth_alg);
1475 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1476 goto fail;
1477 }
1478
1479 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
1480 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
1481 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
1482 auth_transaction);
1483 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1484 goto fail;
1485 }
1486
1487 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
1488 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
1489 MAC2STR(mgmt->sa));
1490 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1491 goto fail;
1492 }
1493
1494 if (hapd->conf->no_auth_if_seen_on) {
1495 struct hostapd_data *other;
1496
1497 other = sta_track_seen_on(hapd->iface, mgmt->sa,
1498 hapd->conf->no_auth_if_seen_on);
1499 if (other) {
1500 u8 *pos;
1501 u32 info;
1502 u8 op_class, channel, phytype;
1503
1504 wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
1505 MACSTR " since STA has been seen on %s",
1506 hapd->conf->iface, MAC2STR(mgmt->sa),
1507 hapd->conf->no_auth_if_seen_on);
1508
1509 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
1510 pos = &resp_ies[0];
1511 *pos++ = WLAN_EID_NEIGHBOR_REPORT;
1512 *pos++ = 13;
1513 os_memcpy(pos, other->own_addr, ETH_ALEN);
1514 pos += ETH_ALEN;
1515 info = 0; /* TODO: BSSID Information */
1516 WPA_PUT_LE32(pos, info);
1517 pos += 4;
1518 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
1519 phytype = 8; /* dmg */
1520 else if (other->iconf->ieee80211ac)
1521 phytype = 9; /* vht */
1522 else if (other->iconf->ieee80211n)
1523 phytype = 7; /* ht */
1524 else if (other->iconf->hw_mode ==
1525 HOSTAPD_MODE_IEEE80211A)
1526 phytype = 4; /* ofdm */
1527 else if (other->iconf->hw_mode ==
1528 HOSTAPD_MODE_IEEE80211G)
1529 phytype = 6; /* erp */
1530 else
1531 phytype = 5; /* hrdsss */
1532 if (ieee80211_freq_to_channel_ext(
1533 hostapd_hw_get_freq(other,
1534 other->iconf->channel),
1535 other->iconf->secondary_channel,
1536 other->iconf->ieee80211ac,
1537 &op_class, &channel) == NUM_HOSTAPD_MODES) {
1538 op_class = 0;
1539 channel = other->iconf->channel;
1540 }
1541 *pos++ = op_class;
1542 *pos++ = channel;
1543 *pos++ = phytype;
1544 resp_ies_len = pos - &resp_ies[0];
1545 goto fail;
1546 }
1547 }
1548
1549 res = ieee802_11_allowed_address(
1550 hapd, mgmt->sa, (const u8 *) mgmt, len, &session_timeout,
1551 &acct_interim_interval, &vlan_id, &psk, &identity, &radius_cui);
1552 if (res == HOSTAPD_ACL_REJECT) {
1553 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1554 goto fail;
1555 }
1556 if (res == HOSTAPD_ACL_PENDING)
1557 return;
1558
1559 sta = ap_get_sta(hapd, mgmt->sa);
1560 if (sta) {
1561 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1562 if ((fc & WLAN_FC_RETRY) &&
1563 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
1564 sta->last_seq_ctrl == seq_ctrl &&
1565 sta->last_subtype == WLAN_FC_STYPE_AUTH) {
1566 hostapd_logger(hapd, sta->addr,
1567 HOSTAPD_MODULE_IEEE80211,
1568 HOSTAPD_LEVEL_DEBUG,
1569 "Drop repeated authentication frame seq_ctrl=0x%x",
1570 seq_ctrl);
1571 return;
1572 }
1573 #ifdef CONFIG_MESH
1574 if ((hapd->conf->mesh & MESH_ENABLED) &&
1575 sta->plink_state == PLINK_BLOCKED) {
1576 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1577 " is blocked - drop Authentication frame",
1578 MAC2STR(mgmt->sa));
1579 return;
1580 }
1581 #endif /* CONFIG_MESH */
1582 } else {
1583 #ifdef CONFIG_MESH
1584 if (hapd->conf->mesh & MESH_ENABLED) {
1585 /* if the mesh peer is not available, we don't do auth.
1586 */
1587 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1588 " not yet known - drop Authentication frame",
1589 MAC2STR(mgmt->sa));
1590 /*
1591 * Save a copy of the frame so that it can be processed
1592 * if a new peer entry is added shortly after this.
1593 */
1594 wpabuf_free(hapd->mesh_pending_auth);
1595 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
1596 os_get_reltime(&hapd->mesh_pending_auth_time);
1597 return;
1598 }
1599 #endif /* CONFIG_MESH */
1600
1601 sta = ap_sta_add(hapd, mgmt->sa);
1602 if (!sta) {
1603 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1604 goto fail;
1605 }
1606 }
1607 sta->last_seq_ctrl = seq_ctrl;
1608 sta->last_subtype = WLAN_FC_STYPE_AUTH;
1609
1610 res = ieee802_11_set_radius_info(
1611 hapd, sta, res, session_timeout, acct_interim_interval,
1612 &vlan_id, &psk, &identity, &radius_cui);
1613 if (res) {
1614 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1615 goto fail;
1616 }
1617
1618 sta->flags &= ~WLAN_STA_PREAUTH;
1619 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
1620
1621 /*
1622 * If the driver supports full AP client state, add a station to the
1623 * driver before sending authentication reply to make sure the driver
1624 * has resources, and not to go through the entire authentication and
1625 * association handshake, and fail it at the end.
1626 *
1627 * If this is not the first transaction, in a multi-step authentication
1628 * algorithm, the station already exists in the driver
1629 * (sta->added_unassoc = 1) so skip it.
1630 *
1631 * In mesh mode, the station was already added to the driver when the
1632 * NEW_PEER_CANDIDATE event is received.
1633 *
1634 * If PMF was negotiated for the existing association, skip this to
1635 * avoid dropping the STA entry and the associated keys. This is needed
1636 * to allow the original connection work until the attempt can complete
1637 * (re)association, so that unprotected Authentication frame cannot be
1638 * used to bypass PMF protection.
1639 */
1640 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
1641 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
1642 !(hapd->conf->mesh & MESH_ENABLED) &&
1643 !(sta->added_unassoc)) {
1644 /*
1645 * If a station that is already associated to the AP, is trying
1646 * to authenticate again, remove the STA entry, in order to make
1647 * sure the STA PS state gets cleared and configuration gets
1648 * updated. To handle this, station's added_unassoc flag is
1649 * cleared once the station has completed association.
1650 */
1651 hostapd_drv_sta_remove(hapd, sta->addr);
1652 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
1653 WLAN_STA_AUTHORIZED);
1654
1655 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0,
1656 NULL, NULL, sta->flags, 0, 0, 0, 0)) {
1657 hostapd_logger(hapd, sta->addr,
1658 HOSTAPD_MODULE_IEEE80211,
1659 HOSTAPD_LEVEL_NOTICE,
1660 "Could not add STA to kernel driver");
1661 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1662 goto fail;
1663 }
1664
1665 sta->added_unassoc = 1;
1666 }
1667
1668 switch (auth_alg) {
1669 case WLAN_AUTH_OPEN:
1670 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1671 HOSTAPD_LEVEL_DEBUG,
1672 "authentication OK (open system)");
1673 sta->flags |= WLAN_STA_AUTH;
1674 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1675 sta->auth_alg = WLAN_AUTH_OPEN;
1676 mlme_authenticate_indication(hapd, sta);
1677 break;
1678 #ifndef CONFIG_NO_RC4
1679 case WLAN_AUTH_SHARED_KEY:
1680 resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
1681 fc & WLAN_FC_ISWEP);
1682 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
1683 mlme_authenticate_indication(hapd, sta);
1684 if (sta->challenge && auth_transaction == 1) {
1685 resp_ies[0] = WLAN_EID_CHALLENGE;
1686 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
1687 os_memcpy(resp_ies + 2, sta->challenge,
1688 WLAN_AUTH_CHALLENGE_LEN);
1689 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
1690 }
1691 break;
1692 #endif /* CONFIG_NO_RC4 */
1693 #ifdef CONFIG_IEEE80211R_AP
1694 case WLAN_AUTH_FT:
1695 sta->auth_alg = WLAN_AUTH_FT;
1696 if (sta->wpa_sm == NULL)
1697 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
1698 sta->addr, NULL);
1699 if (sta->wpa_sm == NULL) {
1700 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
1701 "state machine");
1702 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1703 goto fail;
1704 }
1705 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
1706 auth_transaction, mgmt->u.auth.variable,
1707 len - IEEE80211_HDRLEN -
1708 sizeof(mgmt->u.auth),
1709 handle_auth_ft_finish, hapd);
1710 /* handle_auth_ft_finish() callback will complete auth. */
1711 return;
1712 #endif /* CONFIG_IEEE80211R_AP */
1713 #ifdef CONFIG_SAE
1714 case WLAN_AUTH_SAE:
1715 #ifdef CONFIG_MESH
1716 if (status_code == WLAN_STATUS_SUCCESS &&
1717 hapd->conf->mesh & MESH_ENABLED) {
1718 if (sta->wpa_sm == NULL)
1719 sta->wpa_sm =
1720 wpa_auth_sta_init(hapd->wpa_auth,
1721 sta->addr, NULL);
1722 if (sta->wpa_sm == NULL) {
1723 wpa_printf(MSG_DEBUG,
1724 "SAE: Failed to initialize WPA state machine");
1725 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1726 goto fail;
1727 }
1728 }
1729 #endif /* CONFIG_MESH */
1730 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
1731 status_code);
1732 return;
1733 #endif /* CONFIG_SAE */
1734 #ifdef CONFIG_FILS
1735 case WLAN_AUTH_FILS_SK:
1736 handle_auth_fils(hapd, sta, mgmt, len, auth_transaction,
1737 status_code);
1738 return;
1739 #endif /* CONFIG_FILS */
1740 }
1741
1742 fail:
1743 os_free(identity);
1744 os_free(radius_cui);
1745 hostapd_free_psk_list(psk);
1746
1747 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
1748 auth_transaction + 1, resp, resp_ies,
1749 resp_ies_len);
1750
1751 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
1752 reply_res != WLAN_STATUS_SUCCESS)) {
1753 hostapd_drv_sta_remove(hapd, sta->addr);
1754 sta->added_unassoc = 0;
1755 }
1756 }
1757
1758
hostapd_get_aid(struct hostapd_data * hapd,struct sta_info * sta)1759 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
1760 {
1761 int i, j = 32, aid;
1762
1763 /* get a unique AID */
1764 if (sta->aid > 0) {
1765 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
1766 return 0;
1767 }
1768
1769 if (TEST_FAIL())
1770 return -1;
1771
1772 for (i = 0; i < AID_WORDS; i++) {
1773 if (hapd->sta_aid[i] == (u32) -1)
1774 continue;
1775 for (j = 0; j < 32; j++) {
1776 if (!(hapd->sta_aid[i] & BIT(j)))
1777 break;
1778 }
1779 if (j < 32)
1780 break;
1781 }
1782 if (j == 32)
1783 return -1;
1784 aid = i * 32 + j + 1;
1785 if (aid > 2007)
1786 return -1;
1787
1788 sta->aid = aid;
1789 hapd->sta_aid[i] |= BIT(j);
1790 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
1791 return 0;
1792 }
1793
1794
check_ssid(struct hostapd_data * hapd,struct sta_info * sta,const u8 * ssid_ie,size_t ssid_ie_len)1795 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
1796 const u8 *ssid_ie, size_t ssid_ie_len)
1797 {
1798 if (ssid_ie == NULL)
1799 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1800
1801 if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
1802 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
1803 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1804 HOSTAPD_LEVEL_INFO,
1805 "Station tried to associate with unknown SSID "
1806 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
1807 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1808 }
1809
1810 return WLAN_STATUS_SUCCESS;
1811 }
1812
1813
check_wmm(struct hostapd_data * hapd,struct sta_info * sta,const u8 * wmm_ie,size_t wmm_ie_len)1814 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
1815 const u8 *wmm_ie, size_t wmm_ie_len)
1816 {
1817 sta->flags &= ~WLAN_STA_WMM;
1818 sta->qosinfo = 0;
1819 if (wmm_ie && hapd->conf->wmm_enabled) {
1820 struct wmm_information_element *wmm;
1821
1822 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
1823 hostapd_logger(hapd, sta->addr,
1824 HOSTAPD_MODULE_WPA,
1825 HOSTAPD_LEVEL_DEBUG,
1826 "invalid WMM element in association "
1827 "request");
1828 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1829 }
1830
1831 sta->flags |= WLAN_STA_WMM;
1832 wmm = (struct wmm_information_element *) wmm_ie;
1833 sta->qosinfo = wmm->qos_info;
1834 }
1835 return WLAN_STATUS_SUCCESS;
1836 }
1837
1838
copy_supp_rates(struct hostapd_data * hapd,struct sta_info * sta,struct ieee802_11_elems * elems)1839 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
1840 struct ieee802_11_elems *elems)
1841 {
1842 /* Supported rates not used in IEEE 802.11ad/DMG */
1843 if (hapd->iface->current_mode &&
1844 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
1845 return WLAN_STATUS_SUCCESS;
1846
1847 if (!elems->supp_rates) {
1848 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1849 HOSTAPD_LEVEL_DEBUG,
1850 "No supported rates element in AssocReq");
1851 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1852 }
1853
1854 if (elems->supp_rates_len + elems->ext_supp_rates_len >
1855 sizeof(sta->supported_rates)) {
1856 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1857 HOSTAPD_LEVEL_DEBUG,
1858 "Invalid supported rates element length %d+%d",
1859 elems->supp_rates_len,
1860 elems->ext_supp_rates_len);
1861 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1862 }
1863
1864 sta->supported_rates_len = merge_byte_arrays(
1865 sta->supported_rates, sizeof(sta->supported_rates),
1866 elems->supp_rates, elems->supp_rates_len,
1867 elems->ext_supp_rates, elems->ext_supp_rates_len);
1868
1869 return WLAN_STATUS_SUCCESS;
1870 }
1871
1872
check_ext_capab(struct hostapd_data * hapd,struct sta_info * sta,const u8 * ext_capab_ie,size_t ext_capab_ie_len)1873 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
1874 const u8 *ext_capab_ie, size_t ext_capab_ie_len)
1875 {
1876 #ifdef CONFIG_INTERWORKING
1877 /* check for QoS Map support */
1878 if (ext_capab_ie_len >= 5) {
1879 if (ext_capab_ie[4] & 0x01)
1880 sta->qos_map_enabled = 1;
1881 }
1882 #endif /* CONFIG_INTERWORKING */
1883
1884 if (ext_capab_ie_len > 0)
1885 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
1886
1887 return WLAN_STATUS_SUCCESS;
1888 }
1889
1890
check_assoc_ies(struct hostapd_data * hapd,struct sta_info * sta,const u8 * ies,size_t ies_len,int reassoc)1891 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
1892 const u8 *ies, size_t ies_len, int reassoc)
1893 {
1894 struct ieee802_11_elems elems;
1895 u16 resp;
1896 const u8 *wpa_ie;
1897 size_t wpa_ie_len;
1898 const u8 *p2p_dev_addr = NULL;
1899
1900 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
1901 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1902 HOSTAPD_LEVEL_INFO, "Station sent an invalid "
1903 "association request");
1904 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1905 }
1906
1907 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
1908 if (resp != WLAN_STATUS_SUCCESS)
1909 return resp;
1910 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
1911 if (resp != WLAN_STATUS_SUCCESS)
1912 return resp;
1913 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);
1914 if (resp != WLAN_STATUS_SUCCESS)
1915 return resp;
1916 resp = copy_supp_rates(hapd, sta, &elems);
1917 if (resp != WLAN_STATUS_SUCCESS)
1918 return resp;
1919 #ifdef CONFIG_IEEE80211N
1920 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
1921 if (resp != WLAN_STATUS_SUCCESS)
1922 return resp;
1923 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
1924 !(sta->flags & WLAN_STA_HT)) {
1925 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1926 HOSTAPD_LEVEL_INFO, "Station does not support "
1927 "mandatory HT PHY - reject association");
1928 return WLAN_STATUS_ASSOC_DENIED_NO_HT;
1929 }
1930 #endif /* CONFIG_IEEE80211N */
1931
1932 #ifdef CONFIG_IEEE80211AC
1933 if (hapd->iconf->ieee80211ac) {
1934 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
1935 if (resp != WLAN_STATUS_SUCCESS)
1936 return resp;
1937
1938 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
1939 if (resp != WLAN_STATUS_SUCCESS)
1940 return resp;
1941 }
1942
1943 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
1944 !(sta->flags & WLAN_STA_VHT)) {
1945 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1946 HOSTAPD_LEVEL_INFO, "Station does not support "
1947 "mandatory VHT PHY - reject association");
1948 return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
1949 }
1950
1951 if (hapd->conf->vendor_vht && !elems.vht_capabilities) {
1952 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht,
1953 elems.vendor_vht_len);
1954 if (resp != WLAN_STATUS_SUCCESS)
1955 return resp;
1956 }
1957 #endif /* CONFIG_IEEE80211AC */
1958
1959 #ifdef CONFIG_P2P
1960 if (elems.p2p) {
1961 wpabuf_free(sta->p2p_ie);
1962 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
1963 P2P_IE_VENDOR_TYPE);
1964 if (sta->p2p_ie)
1965 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
1966 } else {
1967 wpabuf_free(sta->p2p_ie);
1968 sta->p2p_ie = NULL;
1969 }
1970 #endif /* CONFIG_P2P */
1971
1972 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
1973 wpa_ie = elems.rsn_ie;
1974 wpa_ie_len = elems.rsn_ie_len;
1975 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
1976 elems.wpa_ie) {
1977 wpa_ie = elems.wpa_ie;
1978 wpa_ie_len = elems.wpa_ie_len;
1979 } else {
1980 wpa_ie = NULL;
1981 wpa_ie_len = 0;
1982 }
1983
1984 #ifdef CONFIG_WPS
1985 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
1986 if (hapd->conf->wps_state && elems.wps_ie) {
1987 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
1988 "Request - assume WPS is used");
1989 sta->flags |= WLAN_STA_WPS;
1990 wpabuf_free(sta->wps_ie);
1991 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
1992 WPS_IE_VENDOR_TYPE);
1993 if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
1994 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
1995 sta->flags |= WLAN_STA_WPS2;
1996 }
1997 wpa_ie = NULL;
1998 wpa_ie_len = 0;
1999 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
2000 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
2001 "(Re)Association Request - reject");
2002 return WLAN_STATUS_INVALID_IE;
2003 }
2004 } else if (hapd->conf->wps_state && wpa_ie == NULL) {
2005 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
2006 "(Re)Association Request - possible WPS use");
2007 sta->flags |= WLAN_STA_MAYBE_WPS;
2008 } else
2009 #endif /* CONFIG_WPS */
2010 if (hapd->conf->wpa && wpa_ie == NULL) {
2011 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2012 HOSTAPD_LEVEL_INFO,
2013 "No WPA/RSN IE in association request");
2014 return WLAN_STATUS_INVALID_IE;
2015 }
2016
2017 if (hapd->conf->wpa && wpa_ie) {
2018 int res;
2019 wpa_ie -= 2;
2020 wpa_ie_len += 2;
2021 if (sta->wpa_sm == NULL)
2022 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2023 sta->addr,
2024 p2p_dev_addr);
2025 if (sta->wpa_sm == NULL) {
2026 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2027 "state machine");
2028 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2029 }
2030 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
2031 wpa_ie, wpa_ie_len,
2032 elems.mdie, elems.mdie_len);
2033 resp = wpa_res_to_status_code(res);
2034 if (resp != WLAN_STATUS_SUCCESS)
2035 return resp;
2036 #ifdef CONFIG_IEEE80211W
2037 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2038 sta->sa_query_count > 0)
2039 ap_check_sa_query_timeout(hapd, sta);
2040 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2041 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
2042 /*
2043 * STA has already been associated with MFP and SA
2044 * Query timeout has not been reached. Reject the
2045 * association attempt temporarily and start SA Query,
2046 * if one is not pending.
2047 */
2048
2049 if (sta->sa_query_count == 0)
2050 ap_sta_start_sa_query(hapd, sta);
2051
2052 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
2053 }
2054
2055 if (wpa_auth_uses_mfp(sta->wpa_sm))
2056 sta->flags |= WLAN_STA_MFP;
2057 else
2058 sta->flags &= ~WLAN_STA_MFP;
2059 #endif /* CONFIG_IEEE80211W */
2060
2061 #ifdef CONFIG_IEEE80211R_AP
2062 if (sta->auth_alg == WLAN_AUTH_FT) {
2063 if (!reassoc) {
2064 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
2065 "to use association (not "
2066 "re-association) with FT auth_alg",
2067 MAC2STR(sta->addr));
2068 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2069 }
2070
2071 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
2072 ies_len);
2073 if (resp != WLAN_STATUS_SUCCESS)
2074 return resp;
2075 }
2076 #endif /* CONFIG_IEEE80211R_AP */
2077
2078 #ifdef CONFIG_SAE
2079 if (wpa_auth_uses_sae(sta->wpa_sm) &&
2080 sta->auth_alg == WLAN_AUTH_OPEN) {
2081 struct rsn_pmksa_cache_entry *sa;
2082 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
2083 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) {
2084 wpa_printf(MSG_DEBUG,
2085 "SAE: No PMKSA cache entry found for "
2086 MACSTR, MAC2STR(sta->addr));
2087 return WLAN_STATUS_INVALID_PMKID;
2088 }
2089 wpa_printf(MSG_DEBUG, "SAE: " MACSTR
2090 " using PMKSA caching", MAC2STR(sta->addr));
2091 } else if (wpa_auth_uses_sae(sta->wpa_sm) &&
2092 sta->auth_alg != WLAN_AUTH_SAE &&
2093 !(sta->auth_alg == WLAN_AUTH_FT &&
2094 wpa_auth_uses_ft_sae(sta->wpa_sm))) {
2095 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
2096 "SAE AKM after non-SAE auth_alg %u",
2097 MAC2STR(sta->addr), sta->auth_alg);
2098 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
2099 }
2100 #endif /* CONFIG_SAE */
2101
2102 #ifdef CONFIG_IEEE80211N
2103 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
2104 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
2105 hostapd_logger(hapd, sta->addr,
2106 HOSTAPD_MODULE_IEEE80211,
2107 HOSTAPD_LEVEL_INFO,
2108 "Station tried to use TKIP with HT "
2109 "association");
2110 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
2111 }
2112 #endif /* CONFIG_IEEE80211N */
2113 #ifdef CONFIG_HS20
2114 } else if (hapd->conf->osen) {
2115 if (elems.osen == NULL) {
2116 hostapd_logger(
2117 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2118 HOSTAPD_LEVEL_INFO,
2119 "No HS 2.0 OSEN element in association request");
2120 return WLAN_STATUS_INVALID_IE;
2121 }
2122
2123 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
2124 if (sta->wpa_sm == NULL)
2125 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2126 sta->addr, NULL);
2127 if (sta->wpa_sm == NULL) {
2128 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2129 "state machine");
2130 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2131 }
2132 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
2133 elems.osen - 2, elems.osen_len + 2) < 0)
2134 return WLAN_STATUS_INVALID_IE;
2135 #endif /* CONFIG_HS20 */
2136 } else
2137 wpa_auth_sta_no_wpa(sta->wpa_sm);
2138
2139 #ifdef CONFIG_P2P
2140 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
2141 #endif /* CONFIG_P2P */
2142
2143 #ifdef CONFIG_HS20
2144 wpabuf_free(sta->hs20_ie);
2145 if (elems.hs20 && elems.hs20_len > 4) {
2146 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
2147 elems.hs20_len - 4);
2148 } else
2149 sta->hs20_ie = NULL;
2150 #endif /* CONFIG_HS20 */
2151
2152 #ifdef CONFIG_FST
2153 wpabuf_free(sta->mb_ies);
2154 if (hapd->iface->fst)
2155 sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
2156 else
2157 sta->mb_ies = NULL;
2158 #endif /* CONFIG_FST */
2159
2160 #ifdef CONFIG_MBO
2161 mbo_ap_check_sta_assoc(hapd, sta, &elems);
2162
2163 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
2164 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
2165 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2166 wpa_printf(MSG_INFO,
2167 "MBO: Reject WPA2 association without PMF");
2168 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2169 }
2170 #endif /* CONFIG_MBO */
2171
2172 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
2173 elems.supp_op_classes_len);
2174
2175 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
2176 elems.rrm_enabled &&
2177 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
2178 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
2179 sizeof(sta->rrm_enabled_capa));
2180
2181 return WLAN_STATUS_SUCCESS;
2182 }
2183
2184
send_deauth(struct hostapd_data * hapd,const u8 * addr,u16 reason_code)2185 static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
2186 u16 reason_code)
2187 {
2188 int send_len;
2189 struct ieee80211_mgmt reply;
2190
2191 os_memset(&reply, 0, sizeof(reply));
2192 reply.frame_control =
2193 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
2194 os_memcpy(reply.da, addr, ETH_ALEN);
2195 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
2196 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
2197
2198 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
2199 reply.u.deauth.reason_code = host_to_le16(reason_code);
2200
2201 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
2202 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
2203 strerror(errno));
2204 }
2205
2206
add_associated_sta(struct hostapd_data * hapd,struct sta_info * sta)2207 static int add_associated_sta(struct hostapd_data *hapd,
2208 struct sta_info *sta)
2209 {
2210 struct ieee80211_ht_capabilities ht_cap;
2211 struct ieee80211_vht_capabilities vht_cap;
2212 int set = 1;
2213
2214 /*
2215 * Remove the STA entry to ensure the STA PS state gets cleared and
2216 * configuration gets updated. This is relevant for cases, such as
2217 * FT-over-the-DS, where a station re-associates back to the same AP but
2218 * skips the authentication flow, or if working with a driver that
2219 * does not support full AP client state.
2220 *
2221 * Skip this if the STA has already completed FT reassociation and the
2222 * TK has been configured since the TX/RX PN must not be reset to 0 for
2223 * the same key.
2224 */
2225 if (!sta->added_unassoc &&
2226 (!(sta->flags & WLAN_STA_AUTHORIZED) ||
2227 !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
2228 hostapd_drv_sta_remove(hapd, sta->addr);
2229 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
2230 set = 0;
2231 }
2232
2233 #ifdef CONFIG_IEEE80211N
2234 if (sta->flags & WLAN_STA_HT)
2235 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
2236 #endif /* CONFIG_IEEE80211N */
2237 #ifdef CONFIG_IEEE80211AC
2238 if (sta->flags & WLAN_STA_VHT)
2239 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
2240 #endif /* CONFIG_IEEE80211AC */
2241
2242 /*
2243 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
2244 * will be set when the ACK frame for the (Re)Association Response frame
2245 * is processed (TX status driver event).
2246 */
2247 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
2248 sta->supported_rates, sta->supported_rates_len,
2249 sta->listen_interval,
2250 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
2251 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
2252 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
2253 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
2254 set)) {
2255 hostapd_logger(hapd, sta->addr,
2256 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
2257 "Could not %s STA to kernel driver",
2258 set ? "set" : "add");
2259
2260 if (sta->added_unassoc) {
2261 hostapd_drv_sta_remove(hapd, sta->addr);
2262 sta->added_unassoc = 0;
2263 }
2264
2265 return -1;
2266 }
2267
2268 sta->added_unassoc = 0;
2269
2270 return 0;
2271 }
2272
2273
send_assoc_resp(struct hostapd_data * hapd,struct sta_info * sta,const u8 * addr,u16 status_code,int reassoc,const u8 * ies,size_t ies_len)2274 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
2275 const u8 *addr, u16 status_code, int reassoc,
2276 const u8 *ies, size_t ies_len)
2277 {
2278 int send_len;
2279 u8 *buf;
2280 size_t buflen;
2281 struct ieee80211_mgmt *reply;
2282 u8 *p;
2283 u16 res = WLAN_STATUS_SUCCESS;
2284
2285 buflen = sizeof(struct ieee80211_mgmt) + 1024;
2286 #ifdef CONFIG_FILS
2287 if (sta && sta->fils_hlp_resp)
2288 buflen += wpabuf_len(sta->fils_hlp_resp);
2289 #endif /* CONFIG_FILS */
2290 buf = os_zalloc(buflen);
2291 if (!buf) {
2292 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2293 goto done;
2294 }
2295 reply = (struct ieee80211_mgmt *) buf;
2296 reply->frame_control =
2297 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2298 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
2299 WLAN_FC_STYPE_ASSOC_RESP));
2300 os_memcpy(reply->da, addr, ETH_ALEN);
2301 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
2302 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
2303
2304 send_len = IEEE80211_HDRLEN;
2305 send_len += sizeof(reply->u.assoc_resp);
2306 reply->u.assoc_resp.capab_info =
2307 host_to_le16(hostapd_own_capab_info(hapd));
2308 reply->u.assoc_resp.status_code = host_to_le16(status_code);
2309
2310 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
2311 BIT(14) | BIT(15));
2312 /* Supported rates */
2313 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
2314 /* Extended supported rates */
2315 p = hostapd_eid_ext_supp_rates(hapd, p);
2316
2317 #ifdef CONFIG_IEEE80211R_AP
2318 if (sta && status_code == WLAN_STATUS_SUCCESS) {
2319 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
2320 * Transition Information, RSN, [RIC Response] */
2321 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
2322 buf + buflen - p,
2323 sta->auth_alg, ies, ies_len);
2324 }
2325 #endif /* CONFIG_IEEE80211R_AP */
2326
2327 #ifdef CONFIG_IEEE80211W
2328 if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
2329 p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
2330 #endif /* CONFIG_IEEE80211W */
2331
2332 #ifdef CONFIG_IEEE80211N
2333 p = hostapd_eid_ht_capabilities(hapd, p);
2334 p = hostapd_eid_ht_operation(hapd, p);
2335 #endif /* CONFIG_IEEE80211N */
2336
2337 #ifdef CONFIG_IEEE80211AC
2338 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
2339 u32 nsts = 0, sta_nsts;
2340
2341 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
2342 struct ieee80211_vht_capabilities *capa;
2343
2344 nsts = (hapd->iface->conf->vht_capab >>
2345 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2346 capa = sta->vht_capabilities;
2347 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
2348 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2349
2350 if (nsts < sta_nsts)
2351 nsts = 0;
2352 else
2353 nsts = sta_nsts;
2354 }
2355 p = hostapd_eid_vht_capabilities(hapd, p, nsts);
2356 p = hostapd_eid_vht_operation(hapd, p);
2357 }
2358 #endif /* CONFIG_IEEE80211AC */
2359
2360 p = hostapd_eid_ext_capab(hapd, p);
2361 p = hostapd_eid_bss_max_idle_period(hapd, p);
2362 if (sta && sta->qos_map_enabled)
2363 p = hostapd_eid_qos_map_set(hapd, p);
2364
2365 #ifdef CONFIG_FST
2366 if (hapd->iface->fst_ies) {
2367 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
2368 wpabuf_len(hapd->iface->fst_ies));
2369 p += wpabuf_len(hapd->iface->fst_ies);
2370 }
2371 #endif /* CONFIG_FST */
2372
2373 #ifdef CONFIG_IEEE80211AC
2374 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
2375 p = hostapd_eid_vendor_vht(hapd, p);
2376 #endif /* CONFIG_IEEE80211AC */
2377
2378 if (sta && (sta->flags & WLAN_STA_WMM))
2379 p = hostapd_eid_wmm(hapd, p);
2380
2381 #ifdef CONFIG_WPS
2382 if (sta &&
2383 ((sta->flags & WLAN_STA_WPS) ||
2384 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
2385 struct wpabuf *wps = wps_build_assoc_resp_ie();
2386 if (wps) {
2387 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
2388 p += wpabuf_len(wps);
2389 wpabuf_free(wps);
2390 }
2391 }
2392 #endif /* CONFIG_WPS */
2393
2394 #ifdef CONFIG_P2P
2395 if (sta && sta->p2p_ie && hapd->p2p_group) {
2396 struct wpabuf *p2p_resp_ie;
2397 enum p2p_status_code status;
2398 switch (status_code) {
2399 case WLAN_STATUS_SUCCESS:
2400 status = P2P_SC_SUCCESS;
2401 break;
2402 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
2403 status = P2P_SC_FAIL_LIMIT_REACHED;
2404 break;
2405 default:
2406 status = P2P_SC_FAIL_INVALID_PARAMS;
2407 break;
2408 }
2409 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
2410 if (p2p_resp_ie) {
2411 os_memcpy(p, wpabuf_head(p2p_resp_ie),
2412 wpabuf_len(p2p_resp_ie));
2413 p += wpabuf_len(p2p_resp_ie);
2414 wpabuf_free(p2p_resp_ie);
2415 }
2416 }
2417 #endif /* CONFIG_P2P */
2418
2419 #ifdef CONFIG_P2P_MANAGER
2420 if (hapd->conf->p2p & P2P_MANAGE)
2421 p = hostapd_eid_p2p_manage(hapd, p);
2422 #endif /* CONFIG_P2P_MANAGER */
2423
2424 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
2425
2426 if (hapd->conf->assocresp_elements &&
2427 (size_t) (buf + buflen - p) >=
2428 wpabuf_len(hapd->conf->assocresp_elements)) {
2429 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
2430 wpabuf_len(hapd->conf->assocresp_elements));
2431 p += wpabuf_len(hapd->conf->assocresp_elements);
2432 }
2433
2434 send_len += p - reply->u.assoc_resp.variable;
2435
2436 #ifdef CONFIG_FILS
2437 if (sta &&
2438 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2439 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2440 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
2441 status_code == WLAN_STATUS_SUCCESS) {
2442 struct ieee802_11_elems elems;
2443
2444 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
2445 ParseFailed || !elems.fils_session) {
2446 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2447 goto done;
2448 }
2449
2450 /* FILS Session */
2451 *p++ = WLAN_EID_EXTENSION; /* Element ID */
2452 *p++ = 1 + FILS_SESSION_LEN; /* Length */
2453 *p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2454 os_memcpy(p, elems.fils_session, FILS_SESSION_LEN);
2455 send_len += 2 + 1 + FILS_SESSION_LEN;
2456
2457 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
2458 buflen, sta->fils_hlp_resp);
2459 if (send_len < 0) {
2460 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2461 goto done;
2462 }
2463 }
2464 #endif /* CONFIG_FILS */
2465
2466 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) {
2467 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
2468 strerror(errno));
2469 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2470 }
2471
2472 done:
2473 os_free(buf);
2474 return res;
2475 }
2476
2477
2478 #ifdef CONFIG_FILS
2479
fils_hlp_finish_assoc(struct hostapd_data * hapd,struct sta_info * sta)2480 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
2481 {
2482 u16 reply_res;
2483
2484 wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR,
2485 MAC2STR(sta->addr));
2486 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
2487 if (!sta->fils_pending_assoc_req)
2488 return;
2489 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
2490 sta->fils_pending_assoc_is_reassoc,
2491 sta->fils_pending_assoc_req,
2492 sta->fils_pending_assoc_req_len);
2493 os_free(sta->fils_pending_assoc_req);
2494 sta->fils_pending_assoc_req = NULL;
2495 sta->fils_pending_assoc_req_len = 0;
2496 wpabuf_free(sta->fils_hlp_resp);
2497 sta->fils_hlp_resp = NULL;
2498 wpabuf_free(sta->hlp_dhcp_discover);
2499 sta->hlp_dhcp_discover = NULL;
2500
2501 /*
2502 * Remove the station in case tranmission of a success response fails
2503 * (the STA was added associated to the driver) or if the station was
2504 * previously added unassociated.
2505 */
2506 if (reply_res != WLAN_STATUS_SUCCESS || sta->added_unassoc) {
2507 hostapd_drv_sta_remove(hapd, sta->addr);
2508 sta->added_unassoc = 0;
2509 }
2510 }
2511
2512
fils_hlp_timeout(void * eloop_ctx,void * eloop_data)2513 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data)
2514 {
2515 struct hostapd_data *hapd = eloop_ctx;
2516 struct sta_info *sta = eloop_data;
2517
2518 wpa_printf(MSG_DEBUG,
2519 "FILS: HLP response timeout - continue with association response for "
2520 MACSTR, MAC2STR(sta->addr));
2521 fils_hlp_finish_assoc(hapd, sta);
2522 }
2523
2524 #endif /* CONFIG_FILS */
2525
2526
handle_assoc(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int reassoc)2527 static void handle_assoc(struct hostapd_data *hapd,
2528 const struct ieee80211_mgmt *mgmt, size_t len,
2529 int reassoc)
2530 {
2531 u16 capab_info, listen_interval, seq_ctrl, fc;
2532 u16 resp = WLAN_STATUS_SUCCESS, reply_res;
2533 const u8 *pos;
2534 int left, i;
2535 struct sta_info *sta;
2536 u8 *tmp = NULL;
2537 struct hostapd_sta_wpa_psk_short *psk = NULL;
2538 char *identity = NULL;
2539 char *radius_cui = NULL;
2540 #ifdef CONFIG_FILS
2541 int delay_assoc = 0;
2542 #endif /* CONFIG_FILS */
2543
2544 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
2545 sizeof(mgmt->u.assoc_req))) {
2546 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
2547 reassoc, (unsigned long) len);
2548 return;
2549 }
2550
2551 #ifdef CONFIG_TESTING_OPTIONS
2552 if (reassoc) {
2553 if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
2554 drand48() < hapd->iconf->ignore_reassoc_probability) {
2555 wpa_printf(MSG_INFO,
2556 "TESTING: ignoring reassoc request from "
2557 MACSTR, MAC2STR(mgmt->sa));
2558 return;
2559 }
2560 } else {
2561 if (hapd->iconf->ignore_assoc_probability > 0.0 &&
2562 drand48() < hapd->iconf->ignore_assoc_probability) {
2563 wpa_printf(MSG_INFO,
2564 "TESTING: ignoring assoc request from "
2565 MACSTR, MAC2STR(mgmt->sa));
2566 return;
2567 }
2568 }
2569 #endif /* CONFIG_TESTING_OPTIONS */
2570
2571 fc = le_to_host16(mgmt->frame_control);
2572 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
2573
2574 if (reassoc) {
2575 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
2576 listen_interval = le_to_host16(
2577 mgmt->u.reassoc_req.listen_interval);
2578 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
2579 " capab_info=0x%02x listen_interval=%d current_ap="
2580 MACSTR " seq_ctrl=0x%x%s",
2581 MAC2STR(mgmt->sa), capab_info, listen_interval,
2582 MAC2STR(mgmt->u.reassoc_req.current_ap),
2583 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
2584 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
2585 pos = mgmt->u.reassoc_req.variable;
2586 } else {
2587 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
2588 listen_interval = le_to_host16(
2589 mgmt->u.assoc_req.listen_interval);
2590 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
2591 " capab_info=0x%02x listen_interval=%d "
2592 "seq_ctrl=0x%x%s",
2593 MAC2STR(mgmt->sa), capab_info, listen_interval,
2594 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
2595 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
2596 pos = mgmt->u.assoc_req.variable;
2597 }
2598
2599 sta = ap_get_sta(hapd, mgmt->sa);
2600 #ifdef CONFIG_IEEE80211R_AP
2601 if (sta && sta->auth_alg == WLAN_AUTH_FT &&
2602 (sta->flags & WLAN_STA_AUTH) == 0) {
2603 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
2604 "prior to authentication since it is using "
2605 "over-the-DS FT", MAC2STR(mgmt->sa));
2606
2607 /*
2608 * Mark station as authenticated, to avoid adding station
2609 * entry in the driver as associated and not authenticated
2610 */
2611 sta->flags |= WLAN_STA_AUTH;
2612 } else
2613 #endif /* CONFIG_IEEE80211R_AP */
2614 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
2615 if (hapd->iface->current_mode &&
2616 hapd->iface->current_mode->mode ==
2617 HOSTAPD_MODE_IEEE80211AD) {
2618 int acl_res;
2619 u32 session_timeout, acct_interim_interval;
2620 struct vlan_description vlan_id;
2621
2622 acl_res = ieee802_11_allowed_address(
2623 hapd, mgmt->sa, (const u8 *) mgmt, len,
2624 &session_timeout, &acct_interim_interval,
2625 &vlan_id, &psk, &identity, &radius_cui);
2626 if (acl_res == HOSTAPD_ACL_REJECT) {
2627 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2628 goto fail;
2629 }
2630 if (acl_res == HOSTAPD_ACL_PENDING)
2631 return;
2632
2633 /* DMG/IEEE 802.11ad does not use authentication.
2634 * Allocate sta entry upon association. */
2635 sta = ap_sta_add(hapd, mgmt->sa);
2636 if (!sta) {
2637 hostapd_logger(hapd, mgmt->sa,
2638 HOSTAPD_MODULE_IEEE80211,
2639 HOSTAPD_LEVEL_INFO,
2640 "Failed to add STA");
2641 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2642 goto fail;
2643 }
2644
2645 acl_res = ieee802_11_set_radius_info(
2646 hapd, sta, acl_res, session_timeout,
2647 acct_interim_interval, &vlan_id, &psk,
2648 &identity, &radius_cui);
2649 if (acl_res) {
2650 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2651 goto fail;
2652 }
2653
2654 hostapd_logger(hapd, sta->addr,
2655 HOSTAPD_MODULE_IEEE80211,
2656 HOSTAPD_LEVEL_DEBUG,
2657 "Skip authentication for DMG/IEEE 802.11ad");
2658 sta->flags |= WLAN_STA_AUTH;
2659 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
2660 sta->auth_alg = WLAN_AUTH_OPEN;
2661 } else {
2662 hostapd_logger(hapd, mgmt->sa,
2663 HOSTAPD_MODULE_IEEE80211,
2664 HOSTAPD_LEVEL_INFO,
2665 "Station tried to associate before authentication (aid=%d flags=0x%x)",
2666 sta ? sta->aid : -1,
2667 sta ? sta->flags : 0);
2668 send_deauth(hapd, mgmt->sa,
2669 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
2670 return;
2671 }
2672 }
2673
2674 if ((fc & WLAN_FC_RETRY) &&
2675 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
2676 sta->last_seq_ctrl == seq_ctrl &&
2677 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
2678 WLAN_FC_STYPE_ASSOC_REQ)) {
2679 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2680 HOSTAPD_LEVEL_DEBUG,
2681 "Drop repeated association frame seq_ctrl=0x%x",
2682 seq_ctrl);
2683 return;
2684 }
2685 sta->last_seq_ctrl = seq_ctrl;
2686 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
2687 WLAN_FC_STYPE_ASSOC_REQ;
2688
2689 if (hapd->tkip_countermeasures) {
2690 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
2691 goto fail;
2692 }
2693
2694 if (listen_interval > hapd->conf->max_listen_interval) {
2695 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
2696 HOSTAPD_LEVEL_DEBUG,
2697 "Too large Listen Interval (%d)",
2698 listen_interval);
2699 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
2700 goto fail;
2701 }
2702
2703 #ifdef CONFIG_MBO
2704 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
2705 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2706 goto fail;
2707 }
2708 #endif /* CONFIG_MBO */
2709
2710 /*
2711 * sta->capability is used in check_assoc_ies() for RRM enabled
2712 * capability element.
2713 */
2714 sta->capability = capab_info;
2715
2716 #ifdef CONFIG_FILS
2717 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2718 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2719 sta->auth_alg == WLAN_AUTH_FILS_PK) {
2720 /* The end of the payload is encrypted. Need to decrypt it
2721 * before parsing. */
2722
2723 tmp = os_malloc(left);
2724 if (!tmp) {
2725 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2726 goto fail;
2727 }
2728 os_memcpy(tmp, pos, left);
2729
2730 left = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
2731 len, tmp, left);
2732 if (left < 0) {
2733 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2734 goto fail;
2735 }
2736 pos = tmp;
2737 }
2738 #endif /* CONFIG_FILS */
2739
2740 /* followed by SSID and Supported rates; and HT capabilities if 802.11n
2741 * is used */
2742 resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
2743 if (resp != WLAN_STATUS_SUCCESS)
2744 goto fail;
2745
2746 if (hostapd_get_aid(hapd, sta) < 0) {
2747 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
2748 HOSTAPD_LEVEL_INFO, "No room for more AIDs");
2749 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2750 goto fail;
2751 }
2752
2753 sta->listen_interval = listen_interval;
2754
2755 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
2756 sta->flags |= WLAN_STA_NONERP;
2757 for (i = 0; i < sta->supported_rates_len; i++) {
2758 if ((sta->supported_rates[i] & 0x7f) > 22) {
2759 sta->flags &= ~WLAN_STA_NONERP;
2760 break;
2761 }
2762 }
2763 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
2764 sta->nonerp_set = 1;
2765 hapd->iface->num_sta_non_erp++;
2766 if (hapd->iface->num_sta_non_erp == 1)
2767 ieee802_11_set_beacons(hapd->iface);
2768 }
2769
2770 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
2771 !sta->no_short_slot_time_set) {
2772 sta->no_short_slot_time_set = 1;
2773 hapd->iface->num_sta_no_short_slot_time++;
2774 if (hapd->iface->current_mode->mode ==
2775 HOSTAPD_MODE_IEEE80211G &&
2776 hapd->iface->num_sta_no_short_slot_time == 1)
2777 ieee802_11_set_beacons(hapd->iface);
2778 }
2779
2780 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
2781 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
2782 else
2783 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
2784
2785 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
2786 !sta->no_short_preamble_set) {
2787 sta->no_short_preamble_set = 1;
2788 hapd->iface->num_sta_no_short_preamble++;
2789 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
2790 && hapd->iface->num_sta_no_short_preamble == 1)
2791 ieee802_11_set_beacons(hapd->iface);
2792 }
2793
2794 #ifdef CONFIG_IEEE80211N
2795 update_ht_state(hapd, sta);
2796 #endif /* CONFIG_IEEE80211N */
2797
2798 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2799 HOSTAPD_LEVEL_DEBUG,
2800 "association OK (aid %d)", sta->aid);
2801 /* Station will be marked associated, after it acknowledges AssocResp
2802 */
2803 sta->flags |= WLAN_STA_ASSOC_REQ_OK;
2804
2805 #ifdef CONFIG_IEEE80211W
2806 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
2807 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
2808 "SA Query procedure", reassoc ? "re" : "");
2809 /* TODO: Send a protected Disassociate frame to the STA using
2810 * the old key and Reason Code "Previous Authentication no
2811 * longer valid". Make sure this is only sent protected since
2812 * unprotected frame would be received by the STA that is now
2813 * trying to associate.
2814 */
2815 }
2816 #endif /* CONFIG_IEEE80211W */
2817
2818 /* Make sure that the previously registered inactivity timer will not
2819 * remove the STA immediately. */
2820 sta->timeout_next = STA_NULLFUNC;
2821
2822 #ifdef CONFIG_TAXONOMY
2823 taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
2824 #endif /* CONFIG_TAXONOMY */
2825
2826 sta->pending_wds_enable = 0;
2827
2828 #ifdef CONFIG_FILS
2829 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2830 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2831 sta->auth_alg == WLAN_AUTH_FILS_PK) {
2832 if (fils_process_hlp(hapd, sta, pos, left) > 0)
2833 delay_assoc = 1;
2834 }
2835 #endif /* CONFIG_FILS */
2836
2837 fail:
2838 os_free(identity);
2839 os_free(radius_cui);
2840 hostapd_free_psk_list(psk);
2841
2842 /*
2843 * In case of a successful response, add the station to the driver.
2844 * Otherwise, the kernel may ignore Data frames before we process the
2845 * ACK frame (TX status). In case of a failure, this station will be
2846 * removed.
2847 *
2848 * Note that this is not compliant with the IEEE 802.11 standard that
2849 * states that a non-AP station should transition into the
2850 * authenticated/associated state only after the station acknowledges
2851 * the (Re)Association Response frame. However, still do this as:
2852 *
2853 * 1. In case the station does not acknowledge the (Re)Association
2854 * Response frame, it will be removed.
2855 * 2. Data frames will be dropped in the kernel until the station is
2856 * set into authorized state, and there are no significant known
2857 * issues with processing other non-Data Class 3 frames during this
2858 * window.
2859 */
2860 if (resp == WLAN_STATUS_SUCCESS && sta && add_associated_sta(hapd, sta))
2861 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2862
2863 #ifdef CONFIG_FILS
2864 if (sta) {
2865 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
2866 os_free(sta->fils_pending_assoc_req);
2867 sta->fils_pending_assoc_req = NULL;
2868 sta->fils_pending_assoc_req_len = 0;
2869 wpabuf_free(sta->fils_hlp_resp);
2870 sta->fils_hlp_resp = NULL;
2871 }
2872 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) {
2873 sta->fils_pending_assoc_req = tmp;
2874 sta->fils_pending_assoc_req_len = left;
2875 sta->fils_pending_assoc_is_reassoc = reassoc;
2876 wpa_printf(MSG_DEBUG,
2877 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
2878 MACSTR, MAC2STR(sta->addr));
2879 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
2880 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
2881 fils_hlp_timeout, hapd, sta);
2882 return;
2883 }
2884 #endif /* CONFIG_FILS */
2885
2886 reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
2887 left);
2888 os_free(tmp);
2889
2890 /*
2891 * Remove the station in case tranmission of a success response fails
2892 * (the STA was added associated to the driver) or if the station was
2893 * previously added unassociated.
2894 */
2895 if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
2896 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
2897 hostapd_drv_sta_remove(hapd, sta->addr);
2898 sta->added_unassoc = 0;
2899 }
2900 }
2901
2902
handle_disassoc(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len)2903 static void handle_disassoc(struct hostapd_data *hapd,
2904 const struct ieee80211_mgmt *mgmt, size_t len)
2905 {
2906 struct sta_info *sta;
2907
2908 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
2909 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)",
2910 (unsigned long) len);
2911 return;
2912 }
2913
2914 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
2915 MAC2STR(mgmt->sa),
2916 le_to_host16(mgmt->u.disassoc.reason_code));
2917
2918 sta = ap_get_sta(hapd, mgmt->sa);
2919 if (sta == NULL) {
2920 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated",
2921 MAC2STR(mgmt->sa));
2922 return;
2923 }
2924
2925 ap_sta_set_authorized(hapd, sta, 0);
2926 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
2927 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
2928 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
2929 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2930 HOSTAPD_LEVEL_INFO, "disassociated");
2931 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
2932 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
2933 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
2934 * authenticated. */
2935 accounting_sta_stop(hapd, sta);
2936 ieee802_1x_free_station(hapd, sta);
2937 if (sta->ipaddr)
2938 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
2939 ap_sta_ip6addr_del(hapd, sta);
2940 hostapd_drv_sta_remove(hapd, sta->addr);
2941 sta->added_unassoc = 0;
2942
2943 if (sta->timeout_next == STA_NULLFUNC ||
2944 sta->timeout_next == STA_DISASSOC) {
2945 sta->timeout_next = STA_DEAUTH;
2946 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
2947 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
2948 hapd, sta);
2949 }
2950
2951 mlme_disassociate_indication(
2952 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
2953
2954 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
2955 * disassociation. */
2956 if (hapd->iface->current_mode &&
2957 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
2958 sta->flags &= ~WLAN_STA_AUTH;
2959 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
2960 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2961 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
2962 ap_free_sta(hapd, sta);
2963 }
2964 }
2965
2966
handle_deauth(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len)2967 static void handle_deauth(struct hostapd_data *hapd,
2968 const struct ieee80211_mgmt *mgmt, size_t len)
2969 {
2970 struct sta_info *sta;
2971
2972 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
2973 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short "
2974 "payload (len=%lu)", (unsigned long) len);
2975 return;
2976 }
2977
2978 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR
2979 " reason_code=%d",
2980 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
2981
2982 sta = ap_get_sta(hapd, mgmt->sa);
2983 if (sta == NULL) {
2984 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
2985 "to deauthenticate, but it is not authenticated",
2986 MAC2STR(mgmt->sa));
2987 return;
2988 }
2989
2990 ap_sta_set_authorized(hapd, sta, 0);
2991 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
2992 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
2993 WLAN_STA_ASSOC_REQ_OK);
2994 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
2995 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2996 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
2997 mlme_deauthenticate_indication(
2998 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
2999 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
3000 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
3001 ap_free_sta(hapd, sta);
3002 }
3003
3004
handle_beacon(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,struct hostapd_frame_info * fi)3005 static void handle_beacon(struct hostapd_data *hapd,
3006 const struct ieee80211_mgmt *mgmt, size_t len,
3007 struct hostapd_frame_info *fi)
3008 {
3009 struct ieee802_11_elems elems;
3010
3011 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
3012 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
3013 (unsigned long) len);
3014 return;
3015 }
3016
3017 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
3018 len - (IEEE80211_HDRLEN +
3019 sizeof(mgmt->u.beacon)), &elems,
3020 0);
3021
3022 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
3023 }
3024
3025
3026 #ifdef CONFIG_IEEE80211W
3027
hostapd_sa_query_action(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len)3028 static int hostapd_sa_query_action(struct hostapd_data *hapd,
3029 const struct ieee80211_mgmt *mgmt,
3030 size_t len)
3031 {
3032 const u8 *end;
3033
3034 end = mgmt->u.action.u.sa_query_resp.trans_id +
3035 WLAN_SA_QUERY_TR_ID_LEN;
3036 if (((u8 *) mgmt) + len < end) {
3037 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
3038 "frame (len=%lu)", (unsigned long) len);
3039 return 0;
3040 }
3041
3042 ieee802_11_sa_query_action(hapd, mgmt->sa,
3043 mgmt->u.action.u.sa_query_resp.action,
3044 mgmt->u.action.u.sa_query_resp.trans_id);
3045 return 1;
3046 }
3047
3048
robust_action_frame(u8 category)3049 static int robust_action_frame(u8 category)
3050 {
3051 return category != WLAN_ACTION_PUBLIC &&
3052 category != WLAN_ACTION_HT;
3053 }
3054 #endif /* CONFIG_IEEE80211W */
3055
3056
handle_action(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len)3057 static int handle_action(struct hostapd_data *hapd,
3058 const struct ieee80211_mgmt *mgmt, size_t len)
3059 {
3060 struct sta_info *sta;
3061 sta = ap_get_sta(hapd, mgmt->sa);
3062
3063 if (len < IEEE80211_HDRLEN + 1) {
3064 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3065 HOSTAPD_LEVEL_DEBUG,
3066 "handle_action - too short payload (len=%lu)",
3067 (unsigned long) len);
3068 return 0;
3069 }
3070
3071 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
3072 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
3073 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
3074 "frame (category=%u) from unassociated STA " MACSTR,
3075 mgmt->u.action.category, MAC2STR(mgmt->sa));
3076 return 0;
3077 }
3078
3079 #ifdef CONFIG_IEEE80211W
3080 if (sta && (sta->flags & WLAN_STA_MFP) &&
3081 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
3082 robust_action_frame(mgmt->u.action.category)) {
3083 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3084 HOSTAPD_LEVEL_DEBUG,
3085 "Dropped unprotected Robust Action frame from "
3086 "an MFP STA");
3087 return 0;
3088 }
3089 #endif /* CONFIG_IEEE80211W */
3090
3091 if (sta) {
3092 u16 fc = le_to_host16(mgmt->frame_control);
3093 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3094
3095 if ((fc & WLAN_FC_RETRY) &&
3096 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3097 sta->last_seq_ctrl == seq_ctrl &&
3098 sta->last_subtype == WLAN_FC_STYPE_ACTION) {
3099 hostapd_logger(hapd, sta->addr,
3100 HOSTAPD_MODULE_IEEE80211,
3101 HOSTAPD_LEVEL_DEBUG,
3102 "Drop repeated action frame seq_ctrl=0x%x",
3103 seq_ctrl);
3104 return 1;
3105 }
3106
3107 sta->last_seq_ctrl = seq_ctrl;
3108 sta->last_subtype = WLAN_FC_STYPE_ACTION;
3109 }
3110
3111 switch (mgmt->u.action.category) {
3112 #ifdef CONFIG_IEEE80211R_AP
3113 case WLAN_ACTION_FT:
3114 if (!sta ||
3115 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
3116 len - IEEE80211_HDRLEN))
3117 break;
3118 return 1;
3119 #endif /* CONFIG_IEEE80211R_AP */
3120 case WLAN_ACTION_WMM:
3121 hostapd_wmm_action(hapd, mgmt, len);
3122 return 1;
3123 #ifdef CONFIG_IEEE80211W
3124 case WLAN_ACTION_SA_QUERY:
3125 return hostapd_sa_query_action(hapd, mgmt, len);
3126 #endif /* CONFIG_IEEE80211W */
3127 #ifdef CONFIG_WNM
3128 case WLAN_ACTION_WNM:
3129 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
3130 return 1;
3131 #endif /* CONFIG_WNM */
3132 #ifdef CONFIG_FST
3133 case WLAN_ACTION_FST:
3134 if (hapd->iface->fst)
3135 fst_rx_action(hapd->iface->fst, mgmt, len);
3136 else
3137 wpa_printf(MSG_DEBUG,
3138 "FST: Ignore FST Action frame - no FST attached");
3139 return 1;
3140 #endif /* CONFIG_FST */
3141 case WLAN_ACTION_PUBLIC:
3142 case WLAN_ACTION_PROTECTED_DUAL:
3143 #ifdef CONFIG_IEEE80211N
3144 if (len >= IEEE80211_HDRLEN + 2 &&
3145 mgmt->u.action.u.public_action.action ==
3146 WLAN_PA_20_40_BSS_COEX) {
3147 wpa_printf(MSG_DEBUG,
3148 "HT20/40 coex mgmt frame received from STA "
3149 MACSTR, MAC2STR(mgmt->sa));
3150 hostapd_2040_coex_action(hapd, mgmt, len);
3151 }
3152 #endif /* CONFIG_IEEE80211N */
3153 if (hapd->public_action_cb) {
3154 hapd->public_action_cb(hapd->public_action_cb_ctx,
3155 (u8 *) mgmt, len,
3156 hapd->iface->freq);
3157 }
3158 if (hapd->public_action_cb2) {
3159 hapd->public_action_cb2(hapd->public_action_cb2_ctx,
3160 (u8 *) mgmt, len,
3161 hapd->iface->freq);
3162 }
3163 if (hapd->public_action_cb || hapd->public_action_cb2)
3164 return 1;
3165 break;
3166 case WLAN_ACTION_VENDOR_SPECIFIC:
3167 if (hapd->vendor_action_cb) {
3168 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
3169 (u8 *) mgmt, len,
3170 hapd->iface->freq) == 0)
3171 return 1;
3172 }
3173 break;
3174 case WLAN_ACTION_RADIO_MEASUREMENT:
3175 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len);
3176 return 1;
3177 }
3178
3179 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3180 HOSTAPD_LEVEL_DEBUG,
3181 "handle_action - unknown action category %d or invalid "
3182 "frame",
3183 mgmt->u.action.category);
3184 if (!is_multicast_ether_addr(mgmt->da) &&
3185 !(mgmt->u.action.category & 0x80) &&
3186 !is_multicast_ether_addr(mgmt->sa)) {
3187 struct ieee80211_mgmt *resp;
3188
3189 /*
3190 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
3191 * Return the Action frame to the source without change
3192 * except that MSB of the Category set to 1.
3193 */
3194 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
3195 "frame back to sender");
3196 resp = os_malloc(len);
3197 if (resp == NULL)
3198 return 0;
3199 os_memcpy(resp, mgmt, len);
3200 os_memcpy(resp->da, resp->sa, ETH_ALEN);
3201 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
3202 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
3203 resp->u.action.category |= 0x80;
3204
3205 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) {
3206 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
3207 "Action frame");
3208 }
3209 os_free(resp);
3210 }
3211
3212 return 1;
3213 }
3214
3215
3216 /**
3217 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
3218 * @hapd: hostapd BSS data structure (the BSS to which the management frame was
3219 * sent to)
3220 * @buf: management frame data (starting from IEEE 802.11 header)
3221 * @len: length of frame data in octets
3222 * @fi: meta data about received frame (signal level, etc.)
3223 *
3224 * Process all incoming IEEE 802.11 management frames. This will be called for
3225 * each frame received from the kernel driver through wlan#ap interface. In
3226 * addition, it can be called to re-inserted pending frames (e.g., when using
3227 * external RADIUS server as an MAC ACL).
3228 */
ieee802_11_mgmt(struct hostapd_data * hapd,const u8 * buf,size_t len,struct hostapd_frame_info * fi)3229 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
3230 struct hostapd_frame_info *fi)
3231 {
3232 struct ieee80211_mgmt *mgmt;
3233 u16 fc, stype;
3234 int ret = 0;
3235
3236 if (len < 24)
3237 return 0;
3238
3239 mgmt = (struct ieee80211_mgmt *) buf;
3240 fc = le_to_host16(mgmt->frame_control);
3241 stype = WLAN_FC_GET_STYPE(fc);
3242
3243 if (stype == WLAN_FC_STYPE_BEACON) {
3244 handle_beacon(hapd, mgmt, len, fi);
3245 return 1;
3246 }
3247
3248 if (!is_broadcast_ether_addr(mgmt->bssid) &&
3249 #ifdef CONFIG_P2P
3250 /* Invitation responses can be sent with the peer MAC as BSSID */
3251 !((hapd->conf->p2p & P2P_GROUP_OWNER) &&
3252 stype == WLAN_FC_STYPE_ACTION) &&
3253 #endif /* CONFIG_P2P */
3254 #ifdef CONFIG_MESH
3255 !(hapd->conf->mesh & MESH_ENABLED) &&
3256 #endif /* CONFIG_MESH */
3257 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
3258 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
3259 MAC2STR(mgmt->bssid));
3260 return 0;
3261 }
3262
3263
3264 if (stype == WLAN_FC_STYPE_PROBE_REQ) {
3265 handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
3266 return 1;
3267 }
3268
3269 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
3270 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3271 HOSTAPD_LEVEL_DEBUG,
3272 "MGMT: DA=" MACSTR " not our address",
3273 MAC2STR(mgmt->da));
3274 return 0;
3275 }
3276
3277 if (hapd->iconf->track_sta_max_num)
3278 sta_track_add(hapd->iface, mgmt->sa, fi->ssi_signal);
3279
3280 switch (stype) {
3281 case WLAN_FC_STYPE_AUTH:
3282 wpa_printf(MSG_DEBUG, "mgmt::auth");
3283 handle_auth(hapd, mgmt, len);
3284 ret = 1;
3285 break;
3286 case WLAN_FC_STYPE_ASSOC_REQ:
3287 wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
3288 handle_assoc(hapd, mgmt, len, 0);
3289 ret = 1;
3290 break;
3291 case WLAN_FC_STYPE_REASSOC_REQ:
3292 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
3293 handle_assoc(hapd, mgmt, len, 1);
3294 ret = 1;
3295 break;
3296 case WLAN_FC_STYPE_DISASSOC:
3297 wpa_printf(MSG_DEBUG, "mgmt::disassoc");
3298 handle_disassoc(hapd, mgmt, len);
3299 ret = 1;
3300 break;
3301 case WLAN_FC_STYPE_DEAUTH:
3302 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
3303 handle_deauth(hapd, mgmt, len);
3304 ret = 1;
3305 break;
3306 case WLAN_FC_STYPE_ACTION:
3307 wpa_printf(MSG_DEBUG, "mgmt::action");
3308 ret = handle_action(hapd, mgmt, len);
3309 break;
3310 default:
3311 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3312 HOSTAPD_LEVEL_DEBUG,
3313 "unknown mgmt frame subtype %d", stype);
3314 break;
3315 }
3316
3317 return ret;
3318 }
3319
3320
handle_auth_cb(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int ok)3321 static void handle_auth_cb(struct hostapd_data *hapd,
3322 const struct ieee80211_mgmt *mgmt,
3323 size_t len, int ok)
3324 {
3325 u16 auth_alg, auth_transaction, status_code;
3326 struct sta_info *sta;
3327
3328 sta = ap_get_sta(hapd, mgmt->da);
3329 if (!sta) {
3330 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
3331 MAC2STR(mgmt->da));
3332 return;
3333 }
3334
3335 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3336 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
3337 status_code = le_to_host16(mgmt->u.auth.status_code);
3338
3339 if (!ok) {
3340 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
3341 HOSTAPD_LEVEL_NOTICE,
3342 "did not acknowledge authentication response");
3343 goto fail;
3344 }
3345
3346 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
3347 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
3348 (unsigned long) len);
3349 goto fail;
3350 }
3351
3352 if (status_code == WLAN_STATUS_SUCCESS &&
3353 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
3354 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
3355 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3356 HOSTAPD_LEVEL_INFO, "authenticated");
3357 sta->flags |= WLAN_STA_AUTH;
3358 if (sta->added_unassoc)
3359 hostapd_set_sta_flags(hapd, sta);
3360 return;
3361 }
3362
3363 fail:
3364 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) {
3365 hostapd_drv_sta_remove(hapd, sta->addr);
3366 sta->added_unassoc = 0;
3367 }
3368 }
3369
3370
hostapd_set_wds_encryption(struct hostapd_data * hapd,struct sta_info * sta,char * ifname_wds)3371 static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
3372 struct sta_info *sta,
3373 char *ifname_wds)
3374 {
3375 int i;
3376 struct hostapd_ssid *ssid = &hapd->conf->ssid;
3377
3378 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
3379 return;
3380
3381 for (i = 0; i < 4; i++) {
3382 if (ssid->wep.key[i] &&
3383 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
3384 i == ssid->wep.idx, NULL, 0,
3385 ssid->wep.key[i], ssid->wep.len[i])) {
3386 wpa_printf(MSG_WARNING,
3387 "Could not set WEP keys for WDS interface; %s",
3388 ifname_wds);
3389 break;
3390 }
3391 }
3392 }
3393
3394
handle_assoc_cb(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int reassoc,int ok)3395 static void handle_assoc_cb(struct hostapd_data *hapd,
3396 const struct ieee80211_mgmt *mgmt,
3397 size_t len, int reassoc, int ok)
3398 {
3399 u16 status;
3400 struct sta_info *sta;
3401 int new_assoc = 1;
3402
3403 sta = ap_get_sta(hapd, mgmt->da);
3404 if (!sta) {
3405 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
3406 MAC2STR(mgmt->da));
3407 return;
3408 }
3409
3410 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
3411 sizeof(mgmt->u.assoc_resp))) {
3412 wpa_printf(MSG_INFO,
3413 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
3414 reassoc, (unsigned long) len);
3415 hostapd_drv_sta_remove(hapd, sta->addr);
3416 return;
3417 }
3418
3419 if (reassoc)
3420 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
3421 else
3422 status = le_to_host16(mgmt->u.assoc_resp.status_code);
3423
3424 if (!ok) {
3425 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
3426 HOSTAPD_LEVEL_DEBUG,
3427 "did not acknowledge association response");
3428 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
3429 /* The STA is added only in case of SUCCESS */
3430 if (status == WLAN_STATUS_SUCCESS)
3431 hostapd_drv_sta_remove(hapd, sta->addr);
3432
3433 return;
3434 }
3435
3436 if (status != WLAN_STATUS_SUCCESS)
3437 return;
3438
3439 /* Stop previous accounting session, if one is started, and allocate
3440 * new session id for the new session. */
3441 accounting_sta_stop(hapd, sta);
3442
3443 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3444 HOSTAPD_LEVEL_INFO,
3445 "associated (aid %d)",
3446 sta->aid);
3447
3448 if (sta->flags & WLAN_STA_ASSOC)
3449 new_assoc = 0;
3450 sta->flags |= WLAN_STA_ASSOC;
3451 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
3452 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
3453 !hapd->conf->osen) ||
3454 sta->auth_alg == WLAN_AUTH_FILS_SK ||
3455 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3456 sta->auth_alg == WLAN_AUTH_FILS_PK ||
3457 sta->auth_alg == WLAN_AUTH_FT) {
3458 /*
3459 * Open, static WEP, FT protocol, or FILS; no separate
3460 * authorization step.
3461 */
3462 ap_sta_set_authorized(hapd, sta, 1);
3463 }
3464
3465 if (reassoc)
3466 mlme_reassociate_indication(hapd, sta);
3467 else
3468 mlme_associate_indication(hapd, sta);
3469
3470 #ifdef CONFIG_IEEE80211W
3471 sta->sa_query_timed_out = 0;
3472 #endif /* CONFIG_IEEE80211W */
3473
3474 if (sta->eapol_sm == NULL) {
3475 /*
3476 * This STA does not use RADIUS server for EAP authentication,
3477 * so bind it to the selected VLAN interface now, since the
3478 * interface selection is not going to change anymore.
3479 */
3480 if (ap_sta_bind_vlan(hapd, sta) < 0)
3481 return;
3482 } else if (sta->vlan_id) {
3483 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
3484 if (ap_sta_bind_vlan(hapd, sta) < 0)
3485 return;
3486 }
3487
3488 hostapd_set_sta_flags(hapd, sta);
3489
3490 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
3491 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
3492 MACSTR " based on pending request",
3493 MAC2STR(sta->addr));
3494 sta->pending_wds_enable = 0;
3495 sta->flags |= WLAN_STA_WDS;
3496 }
3497
3498 if (sta->flags & WLAN_STA_WDS) {
3499 int ret;
3500 char ifname_wds[IFNAMSIZ + 1];
3501
3502 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
3503 MACSTR " (aid %u)",
3504 MAC2STR(sta->addr), sta->aid);
3505 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
3506 sta->aid, 1);
3507 if (!ret)
3508 hostapd_set_wds_encryption(hapd, sta, ifname_wds);
3509 }
3510
3511 if (sta->auth_alg == WLAN_AUTH_FT)
3512 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
3513 else
3514 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
3515 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
3516 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
3517
3518 #ifdef CONFIG_FILS
3519 if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
3520 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3521 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
3522 fils_set_tk(sta->wpa_sm) < 0) {
3523 wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
3524 ap_sta_disconnect(hapd, sta, sta->addr,
3525 WLAN_REASON_UNSPECIFIED);
3526 return;
3527 }
3528 #endif /* CONFIG_FILS */
3529
3530 if (sta->pending_eapol_rx) {
3531 struct os_reltime now, age;
3532
3533 os_get_reltime(&now);
3534 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
3535 if (age.sec == 0 && age.usec < 200000) {
3536 wpa_printf(MSG_DEBUG,
3537 "Process pending EAPOL frame that was received from " MACSTR " just before association notification",
3538 MAC2STR(sta->addr));
3539 ieee802_1x_receive(
3540 hapd, mgmt->da,
3541 wpabuf_head(sta->pending_eapol_rx->buf),
3542 wpabuf_len(sta->pending_eapol_rx->buf));
3543 }
3544 wpabuf_free(sta->pending_eapol_rx->buf);
3545 os_free(sta->pending_eapol_rx);
3546 sta->pending_eapol_rx = NULL;
3547 }
3548 }
3549
3550
handle_deauth_cb(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int ok)3551 static void handle_deauth_cb(struct hostapd_data *hapd,
3552 const struct ieee80211_mgmt *mgmt,
3553 size_t len, int ok)
3554 {
3555 struct sta_info *sta;
3556 if (is_multicast_ether_addr(mgmt->da))
3557 return;
3558 sta = ap_get_sta(hapd, mgmt->da);
3559 if (!sta) {
3560 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
3561 " not found", MAC2STR(mgmt->da));
3562 return;
3563 }
3564 if (ok)
3565 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
3566 MAC2STR(sta->addr));
3567 else
3568 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
3569 "deauth", MAC2STR(sta->addr));
3570
3571 ap_sta_deauth_cb(hapd, sta);
3572 }
3573
3574
handle_disassoc_cb(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int ok)3575 static void handle_disassoc_cb(struct hostapd_data *hapd,
3576 const struct ieee80211_mgmt *mgmt,
3577 size_t len, int ok)
3578 {
3579 struct sta_info *sta;
3580 if (is_multicast_ether_addr(mgmt->da))
3581 return;
3582 sta = ap_get_sta(hapd, mgmt->da);
3583 if (!sta) {
3584 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
3585 " not found", MAC2STR(mgmt->da));
3586 return;
3587 }
3588 if (ok)
3589 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
3590 MAC2STR(sta->addr));
3591 else
3592 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
3593 "disassoc", MAC2STR(sta->addr));
3594
3595 ap_sta_disassoc_cb(hapd, sta);
3596 }
3597
3598
handle_action_cb(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int ok)3599 static void handle_action_cb(struct hostapd_data *hapd,
3600 const struct ieee80211_mgmt *mgmt,
3601 size_t len, int ok)
3602 {
3603 struct sta_info *sta;
3604 const struct rrm_measurement_report_element *report;
3605
3606 if (is_multicast_ether_addr(mgmt->da))
3607 return;
3608 sta = ap_get_sta(hapd, mgmt->da);
3609 if (!sta) {
3610 wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR
3611 " not found", MAC2STR(mgmt->da));
3612 return;
3613 }
3614
3615 if (len < 24 + 5 + sizeof(*report))
3616 return;
3617 report = (const struct rrm_measurement_report_element *)
3618 &mgmt->u.action.u.rrm.variable[2];
3619 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
3620 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
3621 report->eid == WLAN_EID_MEASURE_REQUEST &&
3622 report->len >= 3 &&
3623 report->type == MEASURE_TYPE_BEACON)
3624 hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok);
3625 }
3626
3627
3628 /**
3629 * ieee802_11_mgmt_cb - Process management frame TX status callback
3630 * @hapd: hostapd BSS data structure (the BSS from which the management frame
3631 * was sent from)
3632 * @buf: management frame data (starting from IEEE 802.11 header)
3633 * @len: length of frame data in octets
3634 * @stype: management frame subtype from frame control field
3635 * @ok: Whether the frame was ACK'ed
3636 */
ieee802_11_mgmt_cb(struct hostapd_data * hapd,const u8 * buf,size_t len,u16 stype,int ok)3637 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
3638 u16 stype, int ok)
3639 {
3640 const struct ieee80211_mgmt *mgmt;
3641 mgmt = (const struct ieee80211_mgmt *) buf;
3642
3643 #ifdef CONFIG_TESTING_OPTIONS
3644 if (hapd->ext_mgmt_frame_handling) {
3645 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d",
3646 stype, ok);
3647 return;
3648 }
3649 #endif /* CONFIG_TESTING_OPTIONS */
3650
3651 switch (stype) {
3652 case WLAN_FC_STYPE_AUTH:
3653 wpa_printf(MSG_DEBUG, "mgmt::auth cb");
3654 handle_auth_cb(hapd, mgmt, len, ok);
3655 break;
3656 case WLAN_FC_STYPE_ASSOC_RESP:
3657 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
3658 handle_assoc_cb(hapd, mgmt, len, 0, ok);
3659 break;
3660 case WLAN_FC_STYPE_REASSOC_RESP:
3661 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
3662 handle_assoc_cb(hapd, mgmt, len, 1, ok);
3663 break;
3664 case WLAN_FC_STYPE_PROBE_RESP:
3665 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok);
3666 break;
3667 case WLAN_FC_STYPE_DEAUTH:
3668 wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
3669 handle_deauth_cb(hapd, mgmt, len, ok);
3670 break;
3671 case WLAN_FC_STYPE_DISASSOC:
3672 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
3673 handle_disassoc_cb(hapd, mgmt, len, ok);
3674 break;
3675 case WLAN_FC_STYPE_ACTION:
3676 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok);
3677 handle_action_cb(hapd, mgmt, len, ok);
3678 break;
3679 default:
3680 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
3681 break;
3682 }
3683 }
3684
3685
ieee802_11_get_mib(struct hostapd_data * hapd,char * buf,size_t buflen)3686 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
3687 {
3688 /* TODO */
3689 return 0;
3690 }
3691
3692
ieee802_11_get_mib_sta(struct hostapd_data * hapd,struct sta_info * sta,char * buf,size_t buflen)3693 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
3694 char *buf, size_t buflen)
3695 {
3696 /* TODO */
3697 return 0;
3698 }
3699
3700
hostapd_tx_status(struct hostapd_data * hapd,const u8 * addr,const u8 * buf,size_t len,int ack)3701 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
3702 const u8 *buf, size_t len, int ack)
3703 {
3704 struct sta_info *sta;
3705 struct hostapd_iface *iface = hapd->iface;
3706
3707 sta = ap_get_sta(hapd, addr);
3708 if (sta == NULL && iface->num_bss > 1) {
3709 size_t j;
3710 for (j = 0; j < iface->num_bss; j++) {
3711 hapd = iface->bss[j];
3712 sta = ap_get_sta(hapd, addr);
3713 if (sta)
3714 break;
3715 }
3716 }
3717 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
3718 return;
3719 if (sta->flags & WLAN_STA_PENDING_POLL) {
3720 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
3721 "activity poll", MAC2STR(sta->addr),
3722 ack ? "ACKed" : "did not ACK");
3723 if (ack)
3724 sta->flags &= ~WLAN_STA_PENDING_POLL;
3725 }
3726
3727 ieee802_1x_tx_status(hapd, sta, buf, len, ack);
3728 }
3729
3730
hostapd_eapol_tx_status(struct hostapd_data * hapd,const u8 * dst,const u8 * data,size_t len,int ack)3731 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
3732 const u8 *data, size_t len, int ack)
3733 {
3734 struct sta_info *sta;
3735 struct hostapd_iface *iface = hapd->iface;
3736
3737 sta = ap_get_sta(hapd, dst);
3738 if (sta == NULL && iface->num_bss > 1) {
3739 size_t j;
3740 for (j = 0; j < iface->num_bss; j++) {
3741 hapd = iface->bss[j];
3742 sta = ap_get_sta(hapd, dst);
3743 if (sta)
3744 break;
3745 }
3746 }
3747 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
3748 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
3749 MACSTR " that is not currently associated",
3750 MAC2STR(dst));
3751 return;
3752 }
3753
3754 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
3755 }
3756
3757
hostapd_client_poll_ok(struct hostapd_data * hapd,const u8 * addr)3758 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
3759 {
3760 struct sta_info *sta;
3761 struct hostapd_iface *iface = hapd->iface;
3762
3763 sta = ap_get_sta(hapd, addr);
3764 if (sta == NULL && iface->num_bss > 1) {
3765 size_t j;
3766 for (j = 0; j < iface->num_bss; j++) {
3767 hapd = iface->bss[j];
3768 sta = ap_get_sta(hapd, addr);
3769 if (sta)
3770 break;
3771 }
3772 }
3773 if (sta == NULL)
3774 return;
3775 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
3776 MAC2STR(sta->addr));
3777 if (!(sta->flags & WLAN_STA_PENDING_POLL))
3778 return;
3779
3780 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
3781 "activity poll", MAC2STR(sta->addr));
3782 sta->flags &= ~WLAN_STA_PENDING_POLL;
3783 }
3784
3785
ieee802_11_rx_from_unknown(struct hostapd_data * hapd,const u8 * src,int wds)3786 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
3787 int wds)
3788 {
3789 struct sta_info *sta;
3790
3791 sta = ap_get_sta(hapd, src);
3792 if (sta &&
3793 ((sta->flags & WLAN_STA_ASSOC) ||
3794 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
3795 if (!hapd->conf->wds_sta)
3796 return;
3797
3798 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
3799 WLAN_STA_ASSOC_REQ_OK) {
3800 wpa_printf(MSG_DEBUG,
3801 "Postpone 4-address WDS mode enabling for STA "
3802 MACSTR " since TX status for AssocResp is not yet known",
3803 MAC2STR(sta->addr));
3804 sta->pending_wds_enable = 1;
3805 return;
3806 }
3807
3808 if (wds && !(sta->flags & WLAN_STA_WDS)) {
3809 int ret;
3810 char ifname_wds[IFNAMSIZ + 1];
3811
3812 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
3813 "STA " MACSTR " (aid %u)",
3814 MAC2STR(sta->addr), sta->aid);
3815 sta->flags |= WLAN_STA_WDS;
3816 ret = hostapd_set_wds_sta(hapd, ifname_wds,
3817 sta->addr, sta->aid, 1);
3818 if (!ret)
3819 hostapd_set_wds_encryption(hapd, sta,
3820 ifname_wds);
3821 }
3822 return;
3823 }
3824
3825 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
3826 MACSTR, MAC2STR(src));
3827 if (is_multicast_ether_addr(src)) {
3828 /* Broadcast bit set in SA?! Ignore the frame silently. */
3829 return;
3830 }
3831
3832 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
3833 wpa_printf(MSG_DEBUG, "Association Response to the STA has "
3834 "already been sent, but no TX status yet known - "
3835 "ignore Class 3 frame issue with " MACSTR,
3836 MAC2STR(src));
3837 return;
3838 }
3839
3840 if (sta && (sta->flags & WLAN_STA_AUTH))
3841 hostapd_drv_sta_disassoc(
3842 hapd, src,
3843 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
3844 else
3845 hostapd_drv_sta_deauth(
3846 hapd, src,
3847 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
3848 }
3849
3850
3851 #endif /* CONFIG_NATIVE_WINDOWS */
3852