1 /* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "utils/includes.h" 16 17 #ifndef CONFIG_NATIVE_WINDOWS 18 19 #include "utils/common.h" 20 #include "utils/eloop.h" 21 #include "crypto/crypto.h" 22 #include "drivers/driver.h" 23 #include "common/ieee802_11_defs.h" 24 #include "common/ieee802_11_common.h" 25 #include "common/wpa_ctrl.h" 26 #include "radius/radius.h" 27 #include "radius/radius_client.h" 28 #include "p2p/p2p.h" 29 #include "wps/wps.h" 30 #include "hostapd.h" 31 #include "beacon.h" 32 #include "ieee802_11_auth.h" 33 #include "sta_info.h" 34 #include "ieee802_1x.h" 35 #include "wpa_auth.h" 36 #include "wmm.h" 37 #include "ap_list.h" 38 #include "accounting.h" 39 #include "ap_config.h" 40 #include "ap_mlme.h" 41 #include "p2p_hostapd.h" 42 #include "ap_drv_ops.h" 43 #include "ieee802_11.h" 44 45 46 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 47 { 48 u8 *pos = eid; 49 int i, num, count; 50 51 if (hapd->iface->current_rates == NULL) 52 return eid; 53 54 *pos++ = WLAN_EID_SUPP_RATES; 55 num = hapd->iface->num_rates; 56 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 57 num++; 58 if (num > 8) { 59 /* rest of the rates are encoded in Extended supported 60 * rates element */ 61 num = 8; 62 } 63 64 *pos++ = num; 65 count = 0; 66 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 67 i++) { 68 count++; 69 *pos = hapd->iface->current_rates[i].rate / 5; 70 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 71 *pos |= 0x80; 72 pos++; 73 } 74 75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 76 hapd->iface->num_rates < 8) 77 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 78 79 return pos; 80 } 81 82 83 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 84 { 85 u8 *pos = eid; 86 int i, num, count; 87 88 if (hapd->iface->current_rates == NULL) 89 return eid; 90 91 num = hapd->iface->num_rates; 92 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 93 num++; 94 if (num <= 8) 95 return eid; 96 num -= 8; 97 98 *pos++ = WLAN_EID_EXT_SUPP_RATES; 99 *pos++ = num; 100 count = 0; 101 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 102 i++) { 103 count++; 104 if (count <= 8) 105 continue; /* already in SuppRates IE */ 106 *pos = hapd->iface->current_rates[i].rate / 5; 107 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 108 *pos |= 0x80; 109 pos++; 110 } 111 112 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 113 hapd->iface->num_rates >= 8) 114 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 115 116 return pos; 117 } 118 119 120 u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, 121 int probe) 122 { 123 int capab = WLAN_CAPABILITY_ESS; 124 int privacy; 125 126 if (hapd->iface->num_sta_no_short_preamble == 0 && 127 hapd->iconf->preamble == SHORT_PREAMBLE) 128 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 129 130 privacy = hapd->conf->ssid.wep.keys_set; 131 132 if (hapd->conf->ieee802_1x && 133 (hapd->conf->default_wep_key_len || 134 hapd->conf->individual_wep_key_len)) 135 privacy = 1; 136 137 if (hapd->conf->wpa) 138 privacy = 1; 139 140 if (sta) { 141 int policy, def_klen; 142 if (probe && sta->ssid_probe) { 143 policy = sta->ssid_probe->security_policy; 144 def_klen = sta->ssid_probe->wep.default_len; 145 } else { 146 policy = sta->ssid->security_policy; 147 def_klen = sta->ssid->wep.default_len; 148 } 149 privacy = policy != SECURITY_PLAINTEXT; 150 if (policy == SECURITY_IEEE_802_1X && def_klen == 0) 151 privacy = 0; 152 } 153 154 if (privacy) 155 capab |= WLAN_CAPABILITY_PRIVACY; 156 157 if (hapd->iface->current_mode && 158 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 159 hapd->iface->num_sta_no_short_slot_time == 0) 160 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 161 162 return capab; 163 } 164 165 166 void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len) 167 { 168 int i; 169 if (len > HOSTAPD_MAX_SSID_LEN) 170 len = HOSTAPD_MAX_SSID_LEN; 171 for (i = 0; i < len; i++) { 172 if (ssid[i] >= 32 && ssid[i] < 127) 173 buf[i] = ssid[i]; 174 else 175 buf[i] = '.'; 176 } 177 buf[len] = '\0'; 178 } 179 180 181 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 182 u16 auth_transaction, const u8 *challenge, 183 int iswep) 184 { 185 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 186 HOSTAPD_LEVEL_DEBUG, 187 "authentication (shared key, transaction %d)", 188 auth_transaction); 189 190 if (auth_transaction == 1) { 191 if (!sta->challenge) { 192 /* Generate a pseudo-random challenge */ 193 u8 key[8]; 194 struct os_time now; 195 int r; 196 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 197 if (sta->challenge == NULL) 198 return WLAN_STATUS_UNSPECIFIED_FAILURE; 199 200 os_get_time(&now); 201 r = os_random(); 202 os_memcpy(key, &now.sec, 4); 203 os_memcpy(key + 4, &r, 4); 204 rc4_skip(key, sizeof(key), 0, 205 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 206 } 207 return 0; 208 } 209 210 if (auth_transaction != 3) 211 return WLAN_STATUS_UNSPECIFIED_FAILURE; 212 213 /* Transaction 3 */ 214 if (!iswep || !sta->challenge || !challenge || 215 os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { 216 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 217 HOSTAPD_LEVEL_INFO, 218 "shared key authentication - invalid " 219 "challenge-response"); 220 return WLAN_STATUS_CHALLENGE_FAIL; 221 } 222 223 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 224 HOSTAPD_LEVEL_DEBUG, 225 "authentication OK (shared key)"); 226 #ifdef IEEE80211_REQUIRE_AUTH_ACK 227 /* Station will be marked authenticated if it ACKs the 228 * authentication reply. */ 229 #else 230 sta->flags |= WLAN_STA_AUTH; 231 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 232 #endif 233 os_free(sta->challenge); 234 sta->challenge = NULL; 235 236 return 0; 237 } 238 239 240 static void send_auth_reply(struct hostapd_data *hapd, 241 const u8 *dst, const u8 *bssid, 242 u16 auth_alg, u16 auth_transaction, u16 resp, 243 const u8 *ies, size_t ies_len) 244 { 245 struct ieee80211_mgmt *reply; 246 u8 *buf; 247 size_t rlen; 248 249 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 250 buf = os_zalloc(rlen); 251 if (buf == NULL) 252 return; 253 254 reply = (struct ieee80211_mgmt *) buf; 255 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 256 WLAN_FC_STYPE_AUTH); 257 os_memcpy(reply->da, dst, ETH_ALEN); 258 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 259 os_memcpy(reply->bssid, bssid, ETH_ALEN); 260 261 reply->u.auth.auth_alg = host_to_le16(auth_alg); 262 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 263 reply->u.auth.status_code = host_to_le16(resp); 264 265 if (ies && ies_len) 266 os_memcpy(reply->u.auth.variable, ies, ies_len); 267 268 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 269 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)", 270 MAC2STR(dst), auth_alg, auth_transaction, 271 resp, (unsigned long) ies_len); 272 if (hostapd_drv_send_mlme(hapd, reply, rlen) < 0) 273 perror("send_auth_reply: send"); 274 275 os_free(buf); 276 } 277 278 279 #ifdef CONFIG_IEEE80211R 280 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 281 u16 auth_transaction, u16 status, 282 const u8 *ies, size_t ies_len) 283 { 284 struct hostapd_data *hapd = ctx; 285 struct sta_info *sta; 286 287 send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction, 288 status, ies, ies_len); 289 290 if (status != WLAN_STATUS_SUCCESS) 291 return; 292 293 sta = ap_get_sta(hapd, dst); 294 if (sta == NULL) 295 return; 296 297 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 298 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 299 sta->flags |= WLAN_STA_AUTH; 300 mlme_authenticate_indication(hapd, sta); 301 } 302 #endif /* CONFIG_IEEE80211R */ 303 304 305 static void handle_auth(struct hostapd_data *hapd, 306 const struct ieee80211_mgmt *mgmt, size_t len) 307 { 308 u16 auth_alg, auth_transaction, status_code; 309 u16 resp = WLAN_STATUS_SUCCESS; 310 struct sta_info *sta = NULL; 311 int res; 312 u16 fc; 313 const u8 *challenge = NULL; 314 u32 session_timeout, acct_interim_interval; 315 int vlan_id = 0; 316 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 317 size_t resp_ies_len = 0; 318 319 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 320 printf("handle_auth - too short payload (len=%lu)\n", 321 (unsigned long) len); 322 return; 323 } 324 325 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 326 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 327 status_code = le_to_host16(mgmt->u.auth.status_code); 328 fc = le_to_host16(mgmt->frame_control); 329 330 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 331 2 + WLAN_AUTH_CHALLENGE_LEN && 332 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 333 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 334 challenge = &mgmt->u.auth.variable[2]; 335 336 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 337 "auth_transaction=%d status_code=%d wep=%d%s", 338 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 339 status_code, !!(fc & WLAN_FC_ISWEP), 340 challenge ? " challenge" : ""); 341 342 if (hapd->tkip_countermeasures) { 343 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 344 goto fail; 345 } 346 347 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 348 auth_alg == WLAN_AUTH_OPEN) || 349 #ifdef CONFIG_IEEE80211R 350 (hapd->conf->wpa && 351 (hapd->conf->wpa_key_mgmt & 352 (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) && 353 auth_alg == WLAN_AUTH_FT) || 354 #endif /* CONFIG_IEEE80211R */ 355 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 356 auth_alg == WLAN_AUTH_SHARED_KEY))) { 357 printf("Unsupported authentication algorithm (%d)\n", 358 auth_alg); 359 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 360 goto fail; 361 } 362 363 if (!(auth_transaction == 1 || 364 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 365 printf("Unknown authentication transaction number (%d)\n", 366 auth_transaction); 367 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 368 goto fail; 369 } 370 371 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 372 printf("Station " MACSTR " not allowed to authenticate.\n", 373 MAC2STR(mgmt->sa)); 374 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 375 goto fail; 376 } 377 378 res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, 379 &session_timeout, 380 &acct_interim_interval, &vlan_id); 381 if (res == HOSTAPD_ACL_REJECT) { 382 printf("Station " MACSTR " not allowed to authenticate.\n", 383 MAC2STR(mgmt->sa)); 384 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 385 goto fail; 386 } 387 if (res == HOSTAPD_ACL_PENDING) { 388 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 389 " waiting for an external authentication", 390 MAC2STR(mgmt->sa)); 391 /* Authentication code will re-send the authentication frame 392 * after it has received (and cached) information from the 393 * external source. */ 394 return; 395 } 396 397 sta = ap_sta_add(hapd, mgmt->sa); 398 if (!sta) { 399 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 400 goto fail; 401 } 402 403 if (vlan_id > 0) { 404 if (hostapd_get_vlan_id_ifname(hapd->conf->vlan, 405 vlan_id) == NULL) { 406 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 407 HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " 408 "%d received from RADIUS server", 409 vlan_id); 410 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 411 goto fail; 412 } 413 sta->vlan_id = vlan_id; 414 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 415 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 416 } 417 418 sta->flags &= ~WLAN_STA_PREAUTH; 419 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 420 421 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 422 sta->acct_interim_interval = acct_interim_interval; 423 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) 424 ap_sta_session_timeout(hapd, sta, session_timeout); 425 else 426 ap_sta_no_session_timeout(hapd, sta); 427 428 switch (auth_alg) { 429 case WLAN_AUTH_OPEN: 430 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 431 HOSTAPD_LEVEL_DEBUG, 432 "authentication OK (open system)"); 433 #ifdef IEEE80211_REQUIRE_AUTH_ACK 434 /* Station will be marked authenticated if it ACKs the 435 * authentication reply. */ 436 #else 437 sta->flags |= WLAN_STA_AUTH; 438 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 439 sta->auth_alg = WLAN_AUTH_OPEN; 440 mlme_authenticate_indication(hapd, sta); 441 #endif 442 break; 443 case WLAN_AUTH_SHARED_KEY: 444 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 445 fc & WLAN_FC_ISWEP); 446 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 447 mlme_authenticate_indication(hapd, sta); 448 if (sta->challenge && auth_transaction == 1) { 449 resp_ies[0] = WLAN_EID_CHALLENGE; 450 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 451 os_memcpy(resp_ies + 2, sta->challenge, 452 WLAN_AUTH_CHALLENGE_LEN); 453 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 454 } 455 break; 456 #ifdef CONFIG_IEEE80211R 457 case WLAN_AUTH_FT: 458 sta->auth_alg = WLAN_AUTH_FT; 459 if (sta->wpa_sm == NULL) 460 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 461 sta->addr); 462 if (sta->wpa_sm == NULL) { 463 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 464 "state machine"); 465 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 466 goto fail; 467 } 468 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 469 auth_transaction, mgmt->u.auth.variable, 470 len - IEEE80211_HDRLEN - 471 sizeof(mgmt->u.auth), 472 handle_auth_ft_finish, hapd); 473 /* handle_auth_ft_finish() callback will complete auth. */ 474 return; 475 #endif /* CONFIG_IEEE80211R */ 476 } 477 478 fail: 479 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 480 auth_transaction + 1, resp, resp_ies, resp_ies_len); 481 } 482 483 484 static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 485 { 486 int i, j = 32, aid; 487 488 /* get a unique AID */ 489 if (sta->aid > 0) { 490 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 491 return 0; 492 } 493 494 for (i = 0; i < AID_WORDS; i++) { 495 if (hapd->sta_aid[i] == (u32) -1) 496 continue; 497 for (j = 0; j < 32; j++) { 498 if (!(hapd->sta_aid[i] & BIT(j))) 499 break; 500 } 501 if (j < 32) 502 break; 503 } 504 if (j == 32) 505 return -1; 506 aid = i * 32 + j + 1; 507 if (aid > 2007) 508 return -1; 509 510 sta->aid = aid; 511 hapd->sta_aid[i] |= BIT(j); 512 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 513 return 0; 514 } 515 516 517 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 518 const u8 *ssid_ie, size_t ssid_ie_len) 519 { 520 if (ssid_ie == NULL) 521 return WLAN_STATUS_UNSPECIFIED_FAILURE; 522 523 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 524 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 525 char ssid_txt[33]; 526 ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); 527 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 528 HOSTAPD_LEVEL_INFO, 529 "Station tried to associate with unknown SSID " 530 "'%s'", ssid_txt); 531 return WLAN_STATUS_UNSPECIFIED_FAILURE; 532 } 533 534 return WLAN_STATUS_SUCCESS; 535 } 536 537 538 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 539 const u8 *wmm_ie, size_t wmm_ie_len) 540 { 541 sta->flags &= ~WLAN_STA_WMM; 542 if (wmm_ie && hapd->conf->wmm_enabled) { 543 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) 544 hostapd_logger(hapd, sta->addr, 545 HOSTAPD_MODULE_WPA, 546 HOSTAPD_LEVEL_DEBUG, 547 "invalid WMM element in association " 548 "request"); 549 else 550 sta->flags |= WLAN_STA_WMM; 551 } 552 return WLAN_STATUS_SUCCESS; 553 } 554 555 556 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 557 struct ieee802_11_elems *elems) 558 { 559 if (!elems->supp_rates) { 560 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 561 HOSTAPD_LEVEL_DEBUG, 562 "No supported rates element in AssocReq"); 563 return WLAN_STATUS_UNSPECIFIED_FAILURE; 564 } 565 566 if (elems->supp_rates_len > sizeof(sta->supported_rates)) { 567 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 568 HOSTAPD_LEVEL_DEBUG, 569 "Invalid supported rates element length %d", 570 elems->supp_rates_len); 571 return WLAN_STATUS_UNSPECIFIED_FAILURE; 572 } 573 574 os_memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); 575 os_memcpy(sta->supported_rates, elems->supp_rates, 576 elems->supp_rates_len); 577 sta->supported_rates_len = elems->supp_rates_len; 578 579 if (elems->ext_supp_rates) { 580 if (elems->supp_rates_len + elems->ext_supp_rates_len > 581 sizeof(sta->supported_rates)) { 582 hostapd_logger(hapd, sta->addr, 583 HOSTAPD_MODULE_IEEE80211, 584 HOSTAPD_LEVEL_DEBUG, 585 "Invalid supported rates element length" 586 " %d+%d", elems->supp_rates_len, 587 elems->ext_supp_rates_len); 588 return WLAN_STATUS_UNSPECIFIED_FAILURE; 589 } 590 591 os_memcpy(sta->supported_rates + elems->supp_rates_len, 592 elems->ext_supp_rates, elems->ext_supp_rates_len); 593 sta->supported_rates_len += elems->ext_supp_rates_len; 594 } 595 596 return WLAN_STATUS_SUCCESS; 597 } 598 599 600 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 601 const u8 *ies, size_t ies_len, int reassoc) 602 { 603 struct ieee802_11_elems elems; 604 u16 resp; 605 const u8 *wpa_ie; 606 size_t wpa_ie_len; 607 608 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 609 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 610 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 611 "association request"); 612 return WLAN_STATUS_UNSPECIFIED_FAILURE; 613 } 614 615 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 616 if (resp != WLAN_STATUS_SUCCESS) 617 return resp; 618 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 619 if (resp != WLAN_STATUS_SUCCESS) 620 return resp; 621 resp = copy_supp_rates(hapd, sta, &elems); 622 if (resp != WLAN_STATUS_SUCCESS) 623 return resp; 624 #ifdef CONFIG_IEEE80211N 625 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities, 626 elems.ht_capabilities_len); 627 if (resp != WLAN_STATUS_SUCCESS) 628 return resp; 629 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 630 !(sta->flags & WLAN_STA_HT)) { 631 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 632 HOSTAPD_LEVEL_INFO, "Station does not support " 633 "mandatory HT PHY - reject association"); 634 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 635 } 636 #endif /* CONFIG_IEEE80211N */ 637 638 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 639 wpa_ie = elems.rsn_ie; 640 wpa_ie_len = elems.rsn_ie_len; 641 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 642 elems.wpa_ie) { 643 wpa_ie = elems.wpa_ie; 644 wpa_ie_len = elems.wpa_ie_len; 645 } else { 646 wpa_ie = NULL; 647 wpa_ie_len = 0; 648 } 649 650 #ifdef CONFIG_WPS 651 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 652 if (hapd->conf->wps_state && elems.wps_ie) { 653 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 654 "Request - assume WPS is used"); 655 sta->flags |= WLAN_STA_WPS; 656 wpabuf_free(sta->wps_ie); 657 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 658 WPS_IE_VENDOR_TYPE); 659 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 660 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 661 sta->flags |= WLAN_STA_WPS2; 662 } 663 wpa_ie = NULL; 664 wpa_ie_len = 0; 665 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 666 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 667 "(Re)Association Request - reject"); 668 return WLAN_STATUS_INVALID_IE; 669 } 670 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 671 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 672 "(Re)Association Request - possible WPS use"); 673 sta->flags |= WLAN_STA_MAYBE_WPS; 674 } else 675 #endif /* CONFIG_WPS */ 676 if (hapd->conf->wpa && wpa_ie == NULL) { 677 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 678 HOSTAPD_LEVEL_INFO, 679 "No WPA/RSN IE in association request"); 680 return WLAN_STATUS_INVALID_IE; 681 } 682 683 if (hapd->conf->wpa && wpa_ie) { 684 int res; 685 wpa_ie -= 2; 686 wpa_ie_len += 2; 687 if (sta->wpa_sm == NULL) 688 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 689 sta->addr); 690 if (sta->wpa_sm == NULL) { 691 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 692 "state machine"); 693 return WLAN_STATUS_UNSPECIFIED_FAILURE; 694 } 695 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 696 wpa_ie, wpa_ie_len, 697 elems.mdie, elems.mdie_len); 698 if (res == WPA_INVALID_GROUP) 699 resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 700 else if (res == WPA_INVALID_PAIRWISE) 701 resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 702 else if (res == WPA_INVALID_AKMP) 703 resp = WLAN_STATUS_AKMP_NOT_VALID; 704 else if (res == WPA_ALLOC_FAIL) 705 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 706 #ifdef CONFIG_IEEE80211W 707 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 708 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 709 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 710 resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 711 #endif /* CONFIG_IEEE80211W */ 712 else if (res == WPA_INVALID_MDIE) 713 resp = WLAN_STATUS_INVALID_MDIE; 714 else if (res != WPA_IE_OK) 715 resp = WLAN_STATUS_INVALID_IE; 716 if (resp != WLAN_STATUS_SUCCESS) 717 return resp; 718 #ifdef CONFIG_IEEE80211W 719 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 720 sta->sa_query_count > 0) 721 ap_check_sa_query_timeout(hapd, sta); 722 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 723 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 724 /* 725 * STA has already been associated with MFP and SA 726 * Query timeout has not been reached. Reject the 727 * association attempt temporarily and start SA Query, 728 * if one is not pending. 729 */ 730 731 if (sta->sa_query_count == 0) 732 ap_sta_start_sa_query(hapd, sta); 733 734 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 735 } 736 737 if (wpa_auth_uses_mfp(sta->wpa_sm)) 738 sta->flags |= WLAN_STA_MFP; 739 else 740 sta->flags &= ~WLAN_STA_MFP; 741 #endif /* CONFIG_IEEE80211W */ 742 743 #ifdef CONFIG_IEEE80211R 744 if (sta->auth_alg == WLAN_AUTH_FT) { 745 if (!reassoc) { 746 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 747 "to use association (not " 748 "re-association) with FT auth_alg", 749 MAC2STR(sta->addr)); 750 return WLAN_STATUS_UNSPECIFIED_FAILURE; 751 } 752 753 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 754 ies_len); 755 if (resp != WLAN_STATUS_SUCCESS) 756 return resp; 757 } 758 #endif /* CONFIG_IEEE80211R */ 759 760 #ifdef CONFIG_IEEE80211N 761 if ((sta->flags & WLAN_STA_HT) && 762 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 763 hostapd_logger(hapd, sta->addr, 764 HOSTAPD_MODULE_IEEE80211, 765 HOSTAPD_LEVEL_INFO, 766 "Station tried to use TKIP with HT " 767 "association"); 768 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 769 } 770 #endif /* CONFIG_IEEE80211N */ 771 } else 772 wpa_auth_sta_no_wpa(sta->wpa_sm); 773 774 #ifdef CONFIG_P2P 775 if (elems.p2p) { 776 wpabuf_free(sta->p2p_ie); 777 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 778 P2P_IE_VENDOR_TYPE); 779 780 } else { 781 wpabuf_free(sta->p2p_ie); 782 sta->p2p_ie = NULL; 783 } 784 785 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 786 #endif /* CONFIG_P2P */ 787 788 return WLAN_STATUS_SUCCESS; 789 } 790 791 792 static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 793 u16 reason_code) 794 { 795 int send_len; 796 struct ieee80211_mgmt reply; 797 798 os_memset(&reply, 0, sizeof(reply)); 799 reply.frame_control = 800 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 801 os_memcpy(reply.da, addr, ETH_ALEN); 802 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 803 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 804 805 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 806 reply.u.deauth.reason_code = host_to_le16(reason_code); 807 808 if (hostapd_drv_send_mlme(hapd, &reply, send_len) < 0) 809 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 810 strerror(errno)); 811 } 812 813 814 static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 815 u16 status_code, int reassoc, const u8 *ies, 816 size_t ies_len) 817 { 818 int send_len; 819 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 820 struct ieee80211_mgmt *reply; 821 u8 *p; 822 823 os_memset(buf, 0, sizeof(buf)); 824 reply = (struct ieee80211_mgmt *) buf; 825 reply->frame_control = 826 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 827 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 828 WLAN_FC_STYPE_ASSOC_RESP)); 829 os_memcpy(reply->da, sta->addr, ETH_ALEN); 830 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 831 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 832 833 send_len = IEEE80211_HDRLEN; 834 send_len += sizeof(reply->u.assoc_resp); 835 reply->u.assoc_resp.capab_info = 836 host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); 837 reply->u.assoc_resp.status_code = host_to_le16(status_code); 838 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) 839 | BIT(14) | BIT(15)); 840 /* Supported rates */ 841 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 842 /* Extended supported rates */ 843 p = hostapd_eid_ext_supp_rates(hapd, p); 844 845 #ifdef CONFIG_IEEE80211R 846 if (status_code == WLAN_STATUS_SUCCESS) { 847 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 848 * Transition Information, RSN, [RIC Response] */ 849 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 850 buf + sizeof(buf) - p, 851 sta->auth_alg, ies, ies_len); 852 } 853 #endif /* CONFIG_IEEE80211R */ 854 855 #ifdef CONFIG_IEEE80211W 856 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 857 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 858 #endif /* CONFIG_IEEE80211W */ 859 860 #ifdef CONFIG_IEEE80211N 861 p = hostapd_eid_ht_capabilities(hapd, p); 862 p = hostapd_eid_ht_operation(hapd, p); 863 #endif /* CONFIG_IEEE80211N */ 864 865 p = hostapd_eid_ext_capab(hapd, p); 866 867 if (sta->flags & WLAN_STA_WMM) 868 p = hostapd_eid_wmm(hapd, p); 869 870 #ifdef CONFIG_WPS 871 if ((sta->flags & WLAN_STA_WPS) || 872 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) { 873 struct wpabuf *wps = wps_build_assoc_resp_ie(); 874 if (wps) { 875 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 876 p += wpabuf_len(wps); 877 wpabuf_free(wps); 878 } 879 } 880 #endif /* CONFIG_WPS */ 881 882 #ifdef CONFIG_P2P 883 if (sta->p2p_ie) { 884 struct wpabuf *p2p_resp_ie; 885 enum p2p_status_code status; 886 switch (status_code) { 887 case WLAN_STATUS_SUCCESS: 888 status = P2P_SC_SUCCESS; 889 break; 890 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 891 status = P2P_SC_FAIL_LIMIT_REACHED; 892 break; 893 default: 894 status = P2P_SC_FAIL_INVALID_PARAMS; 895 break; 896 } 897 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 898 if (p2p_resp_ie) { 899 os_memcpy(p, wpabuf_head(p2p_resp_ie), 900 wpabuf_len(p2p_resp_ie)); 901 p += wpabuf_len(p2p_resp_ie); 902 wpabuf_free(p2p_resp_ie); 903 } 904 } 905 #endif /* CONFIG_P2P */ 906 907 #ifdef CONFIG_P2P_MANAGER 908 if (hapd->conf->p2p & P2P_MANAGE) 909 p = hostapd_eid_p2p_manage(hapd, p); 910 #endif /* CONFIG_P2P_MANAGER */ 911 912 send_len += p - reply->u.assoc_resp.variable; 913 914 if (hostapd_drv_send_mlme(hapd, reply, send_len) < 0) 915 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 916 strerror(errno)); 917 } 918 919 920 static void handle_assoc(struct hostapd_data *hapd, 921 const struct ieee80211_mgmt *mgmt, size_t len, 922 int reassoc) 923 { 924 u16 capab_info, listen_interval; 925 u16 resp = WLAN_STATUS_SUCCESS; 926 const u8 *pos; 927 int left, i; 928 struct sta_info *sta; 929 930 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 931 sizeof(mgmt->u.assoc_req))) { 932 printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)" 933 "\n", reassoc, (unsigned long) len); 934 return; 935 } 936 937 if (reassoc) { 938 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 939 listen_interval = le_to_host16( 940 mgmt->u.reassoc_req.listen_interval); 941 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 942 " capab_info=0x%02x listen_interval=%d current_ap=" 943 MACSTR, 944 MAC2STR(mgmt->sa), capab_info, listen_interval, 945 MAC2STR(mgmt->u.reassoc_req.current_ap)); 946 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 947 pos = mgmt->u.reassoc_req.variable; 948 } else { 949 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 950 listen_interval = le_to_host16( 951 mgmt->u.assoc_req.listen_interval); 952 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 953 " capab_info=0x%02x listen_interval=%d", 954 MAC2STR(mgmt->sa), capab_info, listen_interval); 955 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 956 pos = mgmt->u.assoc_req.variable; 957 } 958 959 sta = ap_get_sta(hapd, mgmt->sa); 960 #ifdef CONFIG_IEEE80211R 961 if (sta && sta->auth_alg == WLAN_AUTH_FT && 962 (sta->flags & WLAN_STA_AUTH) == 0) { 963 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 964 "prior to authentication since it is using " 965 "over-the-DS FT", MAC2STR(mgmt->sa)); 966 } else 967 #endif /* CONFIG_IEEE80211R */ 968 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 969 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 970 HOSTAPD_LEVEL_INFO, "Station tried to " 971 "associate before authentication " 972 "(aid=%d flags=0x%x)", 973 sta ? sta->aid : -1, 974 sta ? sta->flags : 0); 975 send_deauth(hapd, mgmt->sa, 976 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 977 return; 978 } 979 980 if (hapd->tkip_countermeasures) { 981 resp = WLAN_REASON_MICHAEL_MIC_FAILURE; 982 goto fail; 983 } 984 985 if (listen_interval > hapd->conf->max_listen_interval) { 986 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 987 HOSTAPD_LEVEL_DEBUG, 988 "Too large Listen Interval (%d)", 989 listen_interval); 990 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 991 goto fail; 992 } 993 994 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 995 * is used */ 996 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 997 if (resp != WLAN_STATUS_SUCCESS) 998 goto fail; 999 1000 if (hostapd_get_aid(hapd, sta) < 0) { 1001 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1002 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 1003 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1004 goto fail; 1005 } 1006 1007 sta->capability = capab_info; 1008 sta->listen_interval = listen_interval; 1009 1010 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 1011 sta->flags |= WLAN_STA_NONERP; 1012 for (i = 0; i < sta->supported_rates_len; i++) { 1013 if ((sta->supported_rates[i] & 0x7f) > 22) { 1014 sta->flags &= ~WLAN_STA_NONERP; 1015 break; 1016 } 1017 } 1018 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 1019 sta->nonerp_set = 1; 1020 hapd->iface->num_sta_non_erp++; 1021 if (hapd->iface->num_sta_non_erp == 1) 1022 ieee802_11_set_beacons(hapd->iface); 1023 } 1024 1025 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 1026 !sta->no_short_slot_time_set) { 1027 sta->no_short_slot_time_set = 1; 1028 hapd->iface->num_sta_no_short_slot_time++; 1029 if (hapd->iface->current_mode->mode == 1030 HOSTAPD_MODE_IEEE80211G && 1031 hapd->iface->num_sta_no_short_slot_time == 1) 1032 ieee802_11_set_beacons(hapd->iface); 1033 } 1034 1035 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 1036 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 1037 else 1038 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 1039 1040 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 1041 !sta->no_short_preamble_set) { 1042 sta->no_short_preamble_set = 1; 1043 hapd->iface->num_sta_no_short_preamble++; 1044 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 1045 && hapd->iface->num_sta_no_short_preamble == 1) 1046 ieee802_11_set_beacons(hapd->iface); 1047 } 1048 1049 #ifdef CONFIG_IEEE80211N 1050 update_ht_state(hapd, sta); 1051 #endif /* CONFIG_IEEE80211N */ 1052 1053 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1054 HOSTAPD_LEVEL_DEBUG, 1055 "association OK (aid %d)", sta->aid); 1056 /* Station will be marked associated, after it acknowledges AssocResp 1057 */ 1058 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 1059 1060 #ifdef CONFIG_IEEE80211W 1061 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 1062 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 1063 "SA Query procedure", reassoc ? "re" : ""); 1064 /* TODO: Send a protected Disassociate frame to the STA using 1065 * the old key and Reason Code "Previous Authentication no 1066 * longer valid". Make sure this is only sent protected since 1067 * unprotected frame would be received by the STA that is now 1068 * trying to associate. 1069 */ 1070 } 1071 #endif /* CONFIG_IEEE80211W */ 1072 1073 if (reassoc) { 1074 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, 1075 ETH_ALEN); 1076 } 1077 1078 if (sta->last_assoc_req) 1079 os_free(sta->last_assoc_req); 1080 sta->last_assoc_req = os_malloc(len); 1081 if (sta->last_assoc_req) 1082 os_memcpy(sta->last_assoc_req, mgmt, len); 1083 1084 /* Make sure that the previously registered inactivity timer will not 1085 * remove the STA immediately. */ 1086 sta->timeout_next = STA_NULLFUNC; 1087 1088 fail: 1089 send_assoc_resp(hapd, sta, resp, reassoc, pos, left); 1090 } 1091 1092 1093 static void handle_disassoc(struct hostapd_data *hapd, 1094 const struct ieee80211_mgmt *mgmt, size_t len) 1095 { 1096 struct sta_info *sta; 1097 1098 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 1099 printf("handle_disassoc - too short payload (len=%lu)\n", 1100 (unsigned long) len); 1101 return; 1102 } 1103 1104 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 1105 MAC2STR(mgmt->sa), 1106 le_to_host16(mgmt->u.disassoc.reason_code)); 1107 1108 sta = ap_get_sta(hapd, mgmt->sa); 1109 if (sta == NULL) { 1110 printf("Station " MACSTR " trying to disassociate, but it " 1111 "is not associated.\n", MAC2STR(mgmt->sa)); 1112 return; 1113 } 1114 1115 ap_sta_set_authorized(hapd, sta, 0); 1116 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 1117 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 1118 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1119 HOSTAPD_LEVEL_INFO, "disassociated"); 1120 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1121 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1122 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 1123 * authenticated. */ 1124 accounting_sta_stop(hapd, sta); 1125 ieee802_1x_free_station(sta); 1126 hostapd_drv_sta_remove(hapd, sta->addr); 1127 1128 if (sta->timeout_next == STA_NULLFUNC || 1129 sta->timeout_next == STA_DISASSOC) { 1130 sta->timeout_next = STA_DEAUTH; 1131 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1132 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 1133 hapd, sta); 1134 } 1135 1136 mlme_disassociate_indication( 1137 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 1138 } 1139 1140 1141 static void handle_deauth(struct hostapd_data *hapd, 1142 const struct ieee80211_mgmt *mgmt, size_t len) 1143 { 1144 struct sta_info *sta; 1145 1146 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 1147 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 1148 "payload (len=%lu)", (unsigned long) len); 1149 return; 1150 } 1151 1152 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 1153 " reason_code=%d", 1154 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 1155 1156 sta = ap_get_sta(hapd, mgmt->sa); 1157 if (sta == NULL) { 1158 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 1159 "to deauthenticate, but it is not authenticated", 1160 MAC2STR(mgmt->sa)); 1161 return; 1162 } 1163 1164 ap_sta_set_authorized(hapd, sta, 0); 1165 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 1166 WLAN_STA_ASSOC_REQ_OK); 1167 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1168 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1169 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 1170 mlme_deauthenticate_indication( 1171 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 1172 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 1173 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1174 ap_free_sta(hapd, sta); 1175 } 1176 1177 1178 static void handle_beacon(struct hostapd_data *hapd, 1179 const struct ieee80211_mgmt *mgmt, size_t len, 1180 struct hostapd_frame_info *fi) 1181 { 1182 struct ieee802_11_elems elems; 1183 1184 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 1185 printf("handle_beacon - too short payload (len=%lu)\n", 1186 (unsigned long) len); 1187 return; 1188 } 1189 1190 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 1191 len - (IEEE80211_HDRLEN + 1192 sizeof(mgmt->u.beacon)), &elems, 1193 0); 1194 1195 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 1196 } 1197 1198 1199 #ifdef CONFIG_IEEE80211W 1200 1201 static void hostapd_sa_query_action(struct hostapd_data *hapd, 1202 const struct ieee80211_mgmt *mgmt, 1203 size_t len) 1204 { 1205 const u8 *end; 1206 1207 end = mgmt->u.action.u.sa_query_resp.trans_id + 1208 WLAN_SA_QUERY_TR_ID_LEN; 1209 if (((u8 *) mgmt) + len < end) { 1210 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 1211 "frame (len=%lu)", (unsigned long) len); 1212 return; 1213 } 1214 1215 ieee802_11_sa_query_action(hapd, mgmt->sa, 1216 mgmt->u.action.u.sa_query_resp.action, 1217 mgmt->u.action.u.sa_query_resp.trans_id); 1218 } 1219 1220 1221 static int robust_action_frame(u8 category) 1222 { 1223 return category != WLAN_ACTION_PUBLIC && 1224 category != WLAN_ACTION_HT; 1225 } 1226 #endif /* CONFIG_IEEE80211W */ 1227 1228 1229 static void handle_action(struct hostapd_data *hapd, 1230 const struct ieee80211_mgmt *mgmt, size_t len) 1231 { 1232 #if defined(CONFIG_IEEE80211W) || defined(CONFIG_IEEE80211R) 1233 struct sta_info *sta; 1234 sta = ap_get_sta(hapd, mgmt->sa); 1235 #endif /* CONFIG_IEEE80211W || CONFIG_IEEE80211R */ 1236 1237 if (len < IEEE80211_HDRLEN + 1) { 1238 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1239 HOSTAPD_LEVEL_DEBUG, 1240 "handle_action - too short payload (len=%lu)", 1241 (unsigned long) len); 1242 return; 1243 } 1244 1245 #ifdef CONFIG_IEEE80211W 1246 if (sta && (sta->flags & WLAN_STA_MFP) && 1247 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP) && 1248 robust_action_frame(mgmt->u.action.category))) { 1249 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1250 HOSTAPD_LEVEL_DEBUG, 1251 "Dropped unprotected Robust Action frame from " 1252 "an MFP STA"); 1253 return; 1254 } 1255 #endif /* CONFIG_IEEE80211W */ 1256 1257 switch (mgmt->u.action.category) { 1258 #ifdef CONFIG_IEEE80211R 1259 case WLAN_ACTION_FT: 1260 { 1261 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 1262 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored FT Action " 1263 "frame from unassociated STA " MACSTR, 1264 MAC2STR(mgmt->sa)); 1265 return; 1266 } 1267 1268 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 1269 len - IEEE80211_HDRLEN)) 1270 break; 1271 1272 return; 1273 } 1274 #endif /* CONFIG_IEEE80211R */ 1275 case WLAN_ACTION_WMM: 1276 hostapd_wmm_action(hapd, mgmt, len); 1277 return; 1278 #ifdef CONFIG_IEEE80211W 1279 case WLAN_ACTION_SA_QUERY: 1280 hostapd_sa_query_action(hapd, mgmt, len); 1281 return; 1282 #endif /* CONFIG_IEEE80211W */ 1283 case WLAN_ACTION_PUBLIC: 1284 if (hapd->public_action_cb) { 1285 hapd->public_action_cb(hapd->public_action_cb_ctx, 1286 (u8 *) mgmt, len, 1287 hapd->iface->freq); 1288 return; 1289 } 1290 break; 1291 case WLAN_ACTION_VENDOR_SPECIFIC: 1292 if (hapd->vendor_action_cb) { 1293 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 1294 (u8 *) mgmt, len, 1295 hapd->iface->freq) == 0) 1296 return; 1297 } 1298 break; 1299 } 1300 1301 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1302 HOSTAPD_LEVEL_DEBUG, 1303 "handle_action - unknown action category %d or invalid " 1304 "frame", 1305 mgmt->u.action.category); 1306 if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && 1307 !(mgmt->sa[0] & 0x01)) { 1308 struct ieee80211_mgmt *resp; 1309 1310 /* 1311 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 1312 * Return the Action frame to the source without change 1313 * except that MSB of the Category set to 1. 1314 */ 1315 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 1316 "frame back to sender"); 1317 resp = os_malloc(len); 1318 if (resp == NULL) 1319 return; 1320 os_memcpy(resp, mgmt, len); 1321 os_memcpy(resp->da, resp->sa, ETH_ALEN); 1322 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 1323 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 1324 resp->u.action.category |= 0x80; 1325 1326 hostapd_drv_send_mlme(hapd, resp, len); 1327 os_free(resp); 1328 } 1329 } 1330 1331 1332 /** 1333 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 1334 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 1335 * sent to) 1336 * @buf: management frame data (starting from IEEE 802.11 header) 1337 * @len: length of frame data in octets 1338 * @fi: meta data about received frame (signal level, etc.) 1339 * 1340 * Process all incoming IEEE 802.11 management frames. This will be called for 1341 * each frame received from the kernel driver through wlan#ap interface. In 1342 * addition, it can be called to re-inserted pending frames (e.g., when using 1343 * external RADIUS server as an MAC ACL). 1344 */ 1345 void ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 1346 struct hostapd_frame_info *fi) 1347 { 1348 struct ieee80211_mgmt *mgmt; 1349 int broadcast; 1350 u16 fc, stype; 1351 1352 if (len < 24) 1353 return; 1354 1355 mgmt = (struct ieee80211_mgmt *) buf; 1356 fc = le_to_host16(mgmt->frame_control); 1357 stype = WLAN_FC_GET_STYPE(fc); 1358 1359 if (stype == WLAN_FC_STYPE_BEACON) { 1360 handle_beacon(hapd, mgmt, len, fi); 1361 return; 1362 } 1363 1364 broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && 1365 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && 1366 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; 1367 1368 if (!broadcast && 1369 #ifdef CONFIG_P2P 1370 /* Invitation responses can be sent with the peer MAC as BSSID */ 1371 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 1372 stype == WLAN_FC_STYPE_ACTION) && 1373 #endif /* CONFIG_P2P */ 1374 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 1375 printf("MGMT: BSSID=" MACSTR " not our address\n", 1376 MAC2STR(mgmt->bssid)); 1377 return; 1378 } 1379 1380 1381 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 1382 handle_probe_req(hapd, mgmt, len); 1383 return; 1384 } 1385 1386 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 1387 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1388 HOSTAPD_LEVEL_DEBUG, 1389 "MGMT: DA=" MACSTR " not our address", 1390 MAC2STR(mgmt->da)); 1391 return; 1392 } 1393 1394 switch (stype) { 1395 case WLAN_FC_STYPE_AUTH: 1396 wpa_printf(MSG_DEBUG, "mgmt::auth"); 1397 handle_auth(hapd, mgmt, len); 1398 break; 1399 case WLAN_FC_STYPE_ASSOC_REQ: 1400 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 1401 handle_assoc(hapd, mgmt, len, 0); 1402 break; 1403 case WLAN_FC_STYPE_REASSOC_REQ: 1404 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 1405 handle_assoc(hapd, mgmt, len, 1); 1406 break; 1407 case WLAN_FC_STYPE_DISASSOC: 1408 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 1409 handle_disassoc(hapd, mgmt, len); 1410 break; 1411 case WLAN_FC_STYPE_DEAUTH: 1412 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 1413 handle_deauth(hapd, mgmt, len); 1414 break; 1415 case WLAN_FC_STYPE_ACTION: 1416 wpa_printf(MSG_DEBUG, "mgmt::action"); 1417 handle_action(hapd, mgmt, len); 1418 break; 1419 default: 1420 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 1421 HOSTAPD_LEVEL_DEBUG, 1422 "unknown mgmt frame subtype %d", stype); 1423 break; 1424 } 1425 } 1426 1427 1428 static void handle_auth_cb(struct hostapd_data *hapd, 1429 const struct ieee80211_mgmt *mgmt, 1430 size_t len, int ok) 1431 { 1432 u16 auth_alg, auth_transaction, status_code; 1433 struct sta_info *sta; 1434 1435 if (!ok) { 1436 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1437 HOSTAPD_LEVEL_NOTICE, 1438 "did not acknowledge authentication response"); 1439 return; 1440 } 1441 1442 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1443 printf("handle_auth_cb - too short payload (len=%lu)\n", 1444 (unsigned long) len); 1445 return; 1446 } 1447 1448 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1449 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1450 status_code = le_to_host16(mgmt->u.auth.status_code); 1451 1452 sta = ap_get_sta(hapd, mgmt->da); 1453 if (!sta) { 1454 printf("handle_auth_cb: STA " MACSTR " not found\n", 1455 MAC2STR(mgmt->da)); 1456 return; 1457 } 1458 1459 if (status_code == WLAN_STATUS_SUCCESS && 1460 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 1461 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 1462 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1463 HOSTAPD_LEVEL_INFO, "authenticated"); 1464 sta->flags |= WLAN_STA_AUTH; 1465 } 1466 } 1467 1468 1469 static void handle_assoc_cb(struct hostapd_data *hapd, 1470 const struct ieee80211_mgmt *mgmt, 1471 size_t len, int reassoc, int ok) 1472 { 1473 u16 status; 1474 struct sta_info *sta; 1475 int new_assoc = 1; 1476 struct ieee80211_ht_capabilities ht_cap; 1477 1478 if (!ok) { 1479 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 1480 HOSTAPD_LEVEL_DEBUG, 1481 "did not acknowledge association response"); 1482 return; 1483 } 1484 1485 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 1486 sizeof(mgmt->u.assoc_resp))) { 1487 printf("handle_assoc_cb(reassoc=%d) - too short payload " 1488 "(len=%lu)\n", reassoc, (unsigned long) len); 1489 return; 1490 } 1491 1492 if (reassoc) 1493 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 1494 else 1495 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1496 1497 sta = ap_get_sta(hapd, mgmt->da); 1498 if (!sta) { 1499 printf("handle_assoc_cb: STA " MACSTR " not found\n", 1500 MAC2STR(mgmt->da)); 1501 return; 1502 } 1503 1504 if (status != WLAN_STATUS_SUCCESS) 1505 goto fail; 1506 1507 /* Stop previous accounting session, if one is started, and allocate 1508 * new session id for the new session. */ 1509 accounting_sta_stop(hapd, sta); 1510 1511 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1512 HOSTAPD_LEVEL_INFO, 1513 "associated (aid %d)", 1514 sta->aid); 1515 1516 if (sta->flags & WLAN_STA_ASSOC) 1517 new_assoc = 0; 1518 sta->flags |= WLAN_STA_ASSOC; 1519 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa) || 1520 sta->auth_alg == WLAN_AUTH_FT) { 1521 /* 1522 * Open, static WEP, or FT protocol; no separate authorization 1523 * step. 1524 */ 1525 ap_sta_set_authorized(hapd, sta, 1); 1526 } 1527 1528 if (reassoc) 1529 mlme_reassociate_indication(hapd, sta); 1530 else 1531 mlme_associate_indication(hapd, sta); 1532 1533 #ifdef CONFIG_IEEE80211W 1534 sta->sa_query_timed_out = 0; 1535 #endif /* CONFIG_IEEE80211W */ 1536 1537 /* 1538 * Remove the STA entry in order to make sure the STA PS state gets 1539 * cleared and configuration gets updated in case of reassociation back 1540 * to the same AP. 1541 */ 1542 hostapd_drv_sta_remove(hapd, sta->addr); 1543 1544 #ifdef CONFIG_IEEE80211N 1545 if (sta->flags & WLAN_STA_HT) 1546 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1547 #endif /* CONFIG_IEEE80211N */ 1548 1549 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1550 sta->supported_rates, sta->supported_rates_len, 1551 sta->listen_interval, 1552 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1553 sta->flags)) { 1554 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1555 HOSTAPD_LEVEL_NOTICE, 1556 "Could not add STA to kernel driver"); 1557 1558 ap_sta_disconnect(hapd, sta, sta->addr, 1559 WLAN_REASON_DISASSOC_AP_BUSY); 1560 1561 goto fail; 1562 } 1563 1564 if (sta->flags & WLAN_STA_WDS) 1565 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 1566 1567 if (sta->eapol_sm == NULL) { 1568 /* 1569 * This STA does not use RADIUS server for EAP authentication, 1570 * so bind it to the selected VLAN interface now, since the 1571 * interface selection is not going to change anymore. 1572 */ 1573 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1574 goto fail; 1575 } else if (sta->vlan_id) { 1576 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 1577 if (ap_sta_bind_vlan(hapd, sta, 0) < 0) 1578 goto fail; 1579 } 1580 1581 hostapd_set_sta_flags(hapd, sta); 1582 1583 if (sta->auth_alg == WLAN_AUTH_FT) 1584 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 1585 else 1586 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 1587 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 1588 1589 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 1590 1591 fail: 1592 /* Copy of the association request is not needed anymore */ 1593 if (sta->last_assoc_req) { 1594 os_free(sta->last_assoc_req); 1595 sta->last_assoc_req = NULL; 1596 } 1597 } 1598 1599 1600 static void handle_deauth_cb(struct hostapd_data *hapd, 1601 const struct ieee80211_mgmt *mgmt, 1602 size_t len, int ok) 1603 { 1604 struct sta_info *sta; 1605 if (mgmt->da[0] & 0x01) 1606 return; 1607 sta = ap_get_sta(hapd, mgmt->da); 1608 if (!sta) { 1609 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 1610 " not found", MAC2STR(mgmt->da)); 1611 return; 1612 } 1613 if (ok) 1614 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 1615 MAC2STR(sta->addr)); 1616 else 1617 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1618 "deauth", MAC2STR(sta->addr)); 1619 1620 ap_sta_deauth_cb(hapd, sta); 1621 } 1622 1623 1624 static void handle_disassoc_cb(struct hostapd_data *hapd, 1625 const struct ieee80211_mgmt *mgmt, 1626 size_t len, int ok) 1627 { 1628 struct sta_info *sta; 1629 if (mgmt->da[0] & 0x01) 1630 return; 1631 sta = ap_get_sta(hapd, mgmt->da); 1632 if (!sta) { 1633 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 1634 " not found", MAC2STR(mgmt->da)); 1635 return; 1636 } 1637 if (ok) 1638 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 1639 MAC2STR(sta->addr)); 1640 else 1641 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 1642 "disassoc", MAC2STR(sta->addr)); 1643 1644 ap_sta_disassoc_cb(hapd, sta); 1645 } 1646 1647 1648 /** 1649 * ieee802_11_mgmt_cb - Process management frame TX status callback 1650 * @hapd: hostapd BSS data structure (the BSS from which the management frame 1651 * was sent from) 1652 * @buf: management frame data (starting from IEEE 802.11 header) 1653 * @len: length of frame data in octets 1654 * @stype: management frame subtype from frame control field 1655 * @ok: Whether the frame was ACK'ed 1656 */ 1657 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 1658 u16 stype, int ok) 1659 { 1660 const struct ieee80211_mgmt *mgmt; 1661 mgmt = (const struct ieee80211_mgmt *) buf; 1662 1663 switch (stype) { 1664 case WLAN_FC_STYPE_AUTH: 1665 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 1666 handle_auth_cb(hapd, mgmt, len, ok); 1667 break; 1668 case WLAN_FC_STYPE_ASSOC_RESP: 1669 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 1670 handle_assoc_cb(hapd, mgmt, len, 0, ok); 1671 break; 1672 case WLAN_FC_STYPE_REASSOC_RESP: 1673 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 1674 handle_assoc_cb(hapd, mgmt, len, 1, ok); 1675 break; 1676 case WLAN_FC_STYPE_PROBE_RESP: 1677 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb"); 1678 break; 1679 case WLAN_FC_STYPE_DEAUTH: 1680 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 1681 handle_deauth_cb(hapd, mgmt, len, ok); 1682 break; 1683 case WLAN_FC_STYPE_DISASSOC: 1684 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 1685 handle_disassoc_cb(hapd, mgmt, len, ok); 1686 break; 1687 case WLAN_FC_STYPE_ACTION: 1688 wpa_printf(MSG_DEBUG, "mgmt::action cb"); 1689 break; 1690 default: 1691 printf("unknown mgmt cb frame subtype %d\n", stype); 1692 break; 1693 } 1694 } 1695 1696 1697 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 1698 { 1699 /* TODO */ 1700 return 0; 1701 } 1702 1703 1704 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 1705 char *buf, size_t buflen) 1706 { 1707 /* TODO */ 1708 return 0; 1709 } 1710 1711 1712 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 1713 const u8 *buf, size_t len, int ack) 1714 { 1715 struct sta_info *sta; 1716 struct hostapd_iface *iface = hapd->iface; 1717 1718 sta = ap_get_sta(hapd, addr); 1719 if (sta == NULL && iface->num_bss > 1) { 1720 size_t j; 1721 for (j = 0; j < iface->num_bss; j++) { 1722 hapd = iface->bss[j]; 1723 sta = ap_get_sta(hapd, addr); 1724 if (sta) 1725 break; 1726 } 1727 } 1728 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 1729 return; 1730 if (sta->flags & WLAN_STA_PENDING_POLL) { 1731 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 1732 "activity poll", MAC2STR(sta->addr), 1733 ack ? "ACKed" : "did not ACK"); 1734 if (ack) 1735 sta->flags &= ~WLAN_STA_PENDING_POLL; 1736 } 1737 1738 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 1739 } 1740 1741 1742 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 1743 { 1744 struct sta_info *sta; 1745 struct hostapd_iface *iface = hapd->iface; 1746 1747 sta = ap_get_sta(hapd, addr); 1748 if (sta == NULL && iface->num_bss > 1) { 1749 size_t j; 1750 for (j = 0; j < iface->num_bss; j++) { 1751 hapd = iface->bss[j]; 1752 sta = ap_get_sta(hapd, addr); 1753 if (sta) 1754 break; 1755 } 1756 } 1757 if (sta == NULL) 1758 return; 1759 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 1760 return; 1761 1762 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 1763 "activity poll", MAC2STR(sta->addr)); 1764 sta->flags &= ~WLAN_STA_PENDING_POLL; 1765 } 1766 1767 1768 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 1769 int wds) 1770 { 1771 struct sta_info *sta; 1772 1773 sta = ap_get_sta(hapd, src); 1774 if (sta && (sta->flags & WLAN_STA_ASSOC)) { 1775 if (wds && !(sta->flags & WLAN_STA_WDS)) { 1776 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 1777 "STA " MACSTR " (aid %u)", 1778 MAC2STR(sta->addr), sta->aid); 1779 sta->flags |= WLAN_STA_WDS; 1780 hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 1); 1781 } 1782 return; 1783 } 1784 1785 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 1786 MACSTR, MAC2STR(src)); 1787 if (src[0] & 0x01) { 1788 /* Broadcast bit set in SA?! Ignore the frame silently. */ 1789 return; 1790 } 1791 1792 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 1793 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 1794 "already been sent, but no TX status yet known - " 1795 "ignore Class 3 frame issue with " MACSTR, 1796 MAC2STR(src)); 1797 return; 1798 } 1799 1800 if (sta && (sta->flags & WLAN_STA_AUTH)) 1801 hostapd_drv_sta_disassoc( 1802 hapd, src, 1803 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 1804 else 1805 hostapd_drv_sta_deauth( 1806 hapd, src, 1807 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 1808 } 1809 1810 1811 #endif /* CONFIG_NATIVE_WINDOWS */ 1812