]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ieee802_11.c
projects / thirdparty / hostap.git / blob
? search:


73699663dc4baa7cc73dae4211160c8ef62f3a14
[thirdparty/hostap.git] / src / ap / ieee802_11.c
1 /*
2 * hostapd / IEEE 802.11 Management
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #ifndef CONFIG_NATIVE_WINDOWS
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "crypto/crypto.h"
16 #include "crypto/sha256.h"
17 #include "crypto/random.h"
18 #include "common/ieee802_11_defs.h"
19 #include "common/ieee802_11_common.h"
20 #include "common/wpa_ctrl.h"
21 #include "common/sae.h"
22 #include "radius/radius.h"
23 #include "radius/radius_client.h"
24 #include "p2p/p2p.h"
25 #include "wps/wps.h"
26 #include "fst/fst.h"
27 #include "hostapd.h"
28 #include "beacon.h"
29 #include "ieee802_11_auth.h"
30 #include "sta_info.h"
31 #include "ieee802_1x.h"
32 #include "wpa_auth.h"
33 #include "pmksa_cache_auth.h"
34 #include "wmm.h"
35 #include "ap_list.h"
36 #include "accounting.h"
37 #include "ap_config.h"
38 #include "ap_mlme.h"
39 #include "p2p_hostapd.h"
40 #include "ap_drv_ops.h"
41 #include "wnm_ap.h"
42 #include "hw_features.h"
43 #include "ieee802_11.h"
44 #include "dfs.h"
45 #include "mbo_ap.h"
46 #include "rrm.h"
47 #include "taxonomy.h"
48 #include "fils_hlp.h"
49
50
51 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
52 {
53 u8 *pos = eid;
54 int i, num, count;
55
56 if (hapd->iface->current_rates == NULL)
57 return eid;
58
59 *pos++ = WLAN_EID_SUPP_RATES;
60 num = hapd->iface->num_rates;
61 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
62 num++;
63 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
64 num++;
65 if (num > 8) {
66 /* rest of the rates are encoded in Extended supported
67 * rates element */
68 num = 8;
69 }
70
71 *pos++ = num;
72 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
73 i++) {
74 count++;
75 *pos = hapd->iface->current_rates[i].rate / 5;
76 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
77 *pos |= 0x80;
78 pos++;
79 }
80
81 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
82 count++;
83 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
84 }
85
86 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
87 count++;
88 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
89 }
90
91 return pos;
92 }
93
94
95 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
96 {
97 u8 *pos = eid;
98 int i, num, count;
99
100 if (hapd->iface->current_rates == NULL)
101 return eid;
102
103 num = hapd->iface->num_rates;
104 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
105 num++;
106 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
107 num++;
108 if (num <= 8)
109 return eid;
110 num -= 8;
111
112 *pos++ = WLAN_EID_EXT_SUPP_RATES;
113 *pos++ = num;
114 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
115 i++) {
116 count++;
117 if (count <= 8)
118 continue; /* already in SuppRates IE */
119 *pos = hapd->iface->current_rates[i].rate / 5;
120 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
121 *pos |= 0x80;
122 pos++;
123 }
124
125 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
126 count++;
127 if (count > 8)
128 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
129 }
130
131 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
132 count++;
133 if (count > 8)
134 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
135 }
136
137 return pos;
138 }
139
140
141 u16 hostapd_own_capab_info(struct hostapd_data *hapd)
142 {
143 int capab = WLAN_CAPABILITY_ESS;
144 int privacy;
145 int dfs;
146 int i;
147
148 /* Check if any of configured channels require DFS */
149 dfs = hostapd_is_dfs_required(hapd->iface);
150 if (dfs < 0) {
151 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
152 dfs);
153 dfs = 0;
154 }
155
156 if (hapd->iface->num_sta_no_short_preamble == 0 &&
157 hapd->iconf->preamble == SHORT_PREAMBLE)
158 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
159
160 privacy = hapd->conf->ssid.wep.keys_set;
161
162 if (hapd->conf->ieee802_1x &&
163 (hapd->conf->default_wep_key_len ||
164 hapd->conf->individual_wep_key_len))
165 privacy = 1;
166
167 if (hapd->conf->wpa)
168 privacy = 1;
169
170 #ifdef CONFIG_HS20
171 if (hapd->conf->osen)
172 privacy = 1;
173 #endif /* CONFIG_HS20 */
174
175 if (privacy)
176 capab |= WLAN_CAPABILITY_PRIVACY;
177
178 if (hapd->iface->current_mode &&
179 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
180 hapd->iface->num_sta_no_short_slot_time == 0)
181 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
182
183 /*
184 * Currently, Spectrum Management capability bit is set when directly
185 * requested in configuration by spectrum_mgmt_required or when AP is
186 * running on DFS channel.
187 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
188 */
189 if (hapd->iface->current_mode &&
190 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
191 (hapd->iconf->spectrum_mgmt_required || dfs))
192 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
193
194 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
195 if (hapd->conf->radio_measurements[i]) {
196 capab |= IEEE80211_CAP_RRM;
197 break;
198 }
199 }
200
201 return capab;
202 }
203
204
205 #ifndef CONFIG_NO_RC4
206 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
207 u16 auth_transaction, const u8 *challenge,
208 int iswep)
209 {
210 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
211 HOSTAPD_LEVEL_DEBUG,
212 "authentication (shared key, transaction %d)",
213 auth_transaction);
214
215 if (auth_transaction == 1) {
216 if (!sta->challenge) {
217 /* Generate a pseudo-random challenge */
218 u8 key[8];
219
220 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
221 if (sta->challenge == NULL)
222 return WLAN_STATUS_UNSPECIFIED_FAILURE;
223
224 if (os_get_random(key, sizeof(key)) < 0) {
225 os_free(sta->challenge);
226 sta->challenge = NULL;
227 return WLAN_STATUS_UNSPECIFIED_FAILURE;
228 }
229
230 rc4_skip(key, sizeof(key), 0,
231 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
232 }
233 return 0;
234 }
235
236 if (auth_transaction != 3)
237 return WLAN_STATUS_UNSPECIFIED_FAILURE;
238
239 /* Transaction 3 */
240 if (!iswep || !sta->challenge || !challenge ||
241 os_memcmp_const(sta->challenge, challenge,
242 WLAN_AUTH_CHALLENGE_LEN)) {
243 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
244 HOSTAPD_LEVEL_INFO,
245 "shared key authentication - invalid "
246 "challenge-response");
247 return WLAN_STATUS_CHALLENGE_FAIL;
248 }
249
250 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
251 HOSTAPD_LEVEL_DEBUG,
252 "authentication OK (shared key)");
253 sta->flags |= WLAN_STA_AUTH;
254 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
255 os_free(sta->challenge);
256 sta->challenge = NULL;
257
258 return 0;
259 }
260 #endif /* CONFIG_NO_RC4 */
261
262
263 static int send_auth_reply(struct hostapd_data *hapd,
264 const u8 *dst, const u8 *bssid,
265 u16 auth_alg, u16 auth_transaction, u16 resp,
266 const u8 *ies, size_t ies_len)
267 {
268 struct ieee80211_mgmt *reply;
269 u8 *buf;
270 size_t rlen;
271 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
272
273 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
274 buf = os_zalloc(rlen);
275 if (buf == NULL)
276 return -1;
277
278 reply = (struct ieee80211_mgmt *) buf;
279 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
280 WLAN_FC_STYPE_AUTH);
281 os_memcpy(reply->da, dst, ETH_ALEN);
282 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
283 os_memcpy(reply->bssid, bssid, ETH_ALEN);
284
285 reply->u.auth.auth_alg = host_to_le16(auth_alg);
286 reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
287 reply->u.auth.status_code = host_to_le16(resp);
288
289 if (ies && ies_len)
290 os_memcpy(reply->u.auth.variable, ies, ies_len);
291
292 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
293 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
294 MAC2STR(dst), auth_alg, auth_transaction,
295 resp, (unsigned long) ies_len);
296 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0)
297 wpa_printf(MSG_INFO, "send_auth_reply: send failed");
298 else
299 reply_res = WLAN_STATUS_SUCCESS;
300
301 os_free(buf);
302
303 return reply_res;
304 }
305
306
307 #ifdef CONFIG_IEEE80211R_AP
308 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
309 u16 auth_transaction, u16 status,
310 const u8 *ies, size_t ies_len)
311 {
312 struct hostapd_data *hapd = ctx;
313 struct sta_info *sta;
314 int reply_res;
315
316 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT,
317 auth_transaction, status, ies, ies_len);
318
319 sta = ap_get_sta(hapd, dst);
320 if (sta == NULL)
321 return;
322
323 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
324 status != WLAN_STATUS_SUCCESS)) {
325 hostapd_drv_sta_remove(hapd, sta->addr);
326 sta->added_unassoc = 0;
327 return;
328 }
329
330 if (status != WLAN_STATUS_SUCCESS)
331 return;
332
333 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
334 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
335 sta->flags |= WLAN_STA_AUTH;
336 mlme_authenticate_indication(hapd, sta);
337 }
338 #endif /* CONFIG_IEEE80211R_AP */
339
340
341 #ifdef CONFIG_SAE
342
343 #define dot11RSNASAESync 5 /* attempts */
344
345
346 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
347 struct sta_info *sta, int update)
348 {
349 struct wpabuf *buf;
350
351 if (hapd->conf->ssid.wpa_passphrase == NULL) {
352 wpa_printf(MSG_DEBUG, "SAE: No password available");
353 return NULL;
354 }
355
356 if (update &&
357 sae_prepare_commit(hapd->own_addr, sta->addr,
358 (u8 *) hapd->conf->ssid.wpa_passphrase,
359 os_strlen(hapd->conf->ssid.wpa_passphrase),
360 sta->sae) < 0) {
361 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
362 return NULL;
363 }
364
365 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN);
366 if (buf == NULL)
367 return NULL;
368 sae_write_commit(sta->sae, buf, sta->sae->tmp ?
369 sta->sae->tmp->anti_clogging_token : NULL);
370
371 return buf;
372 }
373
374
375 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
376 struct sta_info *sta)
377 {
378 struct wpabuf *buf;
379
380 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
381 if (buf == NULL)
382 return NULL;
383
384 sae_write_confirm(sta->sae, buf);
385
386 return buf;
387 }
388
389
390 static int auth_sae_send_commit(struct hostapd_data *hapd,
391 struct sta_info *sta,
392 const u8 *bssid, int update)
393 {
394 struct wpabuf *data;
395 int reply_res;
396
397 data = auth_build_sae_commit(hapd, sta, update);
398 if (data == NULL)
399 return WLAN_STATUS_UNSPECIFIED_FAILURE;
400
401 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1,
402 WLAN_STATUS_SUCCESS, wpabuf_head(data),
403 wpabuf_len(data));
404
405 wpabuf_free(data);
406
407 return reply_res;
408 }
409
410
411 static int auth_sae_send_confirm(struct hostapd_data *hapd,
412 struct sta_info *sta,
413 const u8 *bssid)
414 {
415 struct wpabuf *data;
416 int reply_res;
417
418 data = auth_build_sae_confirm(hapd, sta);
419 if (data == NULL)
420 return WLAN_STATUS_UNSPECIFIED_FAILURE;
421
422 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2,
423 WLAN_STATUS_SUCCESS, wpabuf_head(data),
424 wpabuf_len(data));
425
426 wpabuf_free(data);
427
428 return reply_res;
429 }
430
431
432 static int use_sae_anti_clogging(struct hostapd_data *hapd)
433 {
434 struct sta_info *sta;
435 unsigned int open = 0;
436
437 if (hapd->conf->sae_anti_clogging_threshold == 0)
438 return 1;
439
440 for (sta = hapd->sta_list; sta; sta = sta->next) {
441 if (!sta->sae)
442 continue;
443 if (sta->sae->state != SAE_COMMITTED &&
444 sta->sae->state != SAE_CONFIRMED)
445 continue;
446 open++;
447 if (open >= hapd->conf->sae_anti_clogging_threshold)
448 return 1;
449 }
450
451 return 0;
452 }
453
454
455 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
456 const u8 *token, size_t token_len)
457 {
458 u8 mac[SHA256_MAC_LEN];
459
460 if (token_len != SHA256_MAC_LEN)
461 return -1;
462 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
463 addr, ETH_ALEN, mac) < 0 ||
464 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
465 return -1;
466
467 return 0;
468 }
469
470
471 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
472 int group, const u8 *addr)
473 {
474 struct wpabuf *buf;
475 u8 *token;
476 struct os_reltime now;
477
478 os_get_reltime(&now);
479 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) ||
480 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) {
481 if (random_get_bytes(hapd->sae_token_key,
482 sizeof(hapd->sae_token_key)) < 0)
483 return NULL;
484 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key",
485 hapd->sae_token_key, sizeof(hapd->sae_token_key));
486 hapd->last_sae_token_key_update = now;
487 }
488
489 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN);
490 if (buf == NULL)
491 return NULL;
492
493 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */
494
495 token = wpabuf_put(buf, SHA256_MAC_LEN);
496 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
497 addr, ETH_ALEN, token);
498
499 return buf;
500 }
501
502
503 static int sae_check_big_sync(struct sta_info *sta)
504 {
505 if (sta->sae->sync > dot11RSNASAESync) {
506 sta->sae->state = SAE_NOTHING;
507 sta->sae->sync = 0;
508 return -1;
509 }
510 return 0;
511 }
512
513
514 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
515 {
516 struct hostapd_data *hapd = eloop_ctx;
517 struct sta_info *sta = eloop_data;
518 int ret;
519
520 if (sae_check_big_sync(sta))
521 return;
522 sta->sae->sync++;
523 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
524 " (sync=%d state=%d)",
525 MAC2STR(sta->addr), sta->sae->sync, sta->sae->state);
526
527 switch (sta->sae->state) {
528 case SAE_COMMITTED:
529 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
530 eloop_register_timeout(0,
531 hapd->dot11RSNASAERetransPeriod * 1000,
532 auth_sae_retransmit_timer, hapd, sta);
533 break;
534 case SAE_CONFIRMED:
535 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
536 eloop_register_timeout(0,
537 hapd->dot11RSNASAERetransPeriod * 1000,
538 auth_sae_retransmit_timer, hapd, sta);
539 break;
540 default:
541 ret = -1;
542 break;
543 }
544
545 if (ret != WLAN_STATUS_SUCCESS)
546 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
547 }
548
549
550 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
551 {
552 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
553 }
554
555
556 static void sae_set_retransmit_timer(struct hostapd_data *hapd,
557 struct sta_info *sta)
558 {
559 if (!(hapd->conf->mesh & MESH_ENABLED))
560 return;
561
562 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
563 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
564 auth_sae_retransmit_timer, hapd, sta);
565 }
566
567
568 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
569 {
570 sta->flags |= WLAN_STA_AUTH;
571 sta->auth_alg = WLAN_AUTH_SAE;
572 mlme_authenticate_indication(hapd, sta);
573 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
574 sta->sae->state = SAE_ACCEPTED;
575 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
576 sta->sae->pmk, sta->sae->pmkid);
577 }
578
579
580 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
581 const u8 *bssid, u8 auth_transaction)
582 {
583 int ret;
584
585 if (auth_transaction != 1 && auth_transaction != 2)
586 return WLAN_STATUS_UNSPECIFIED_FAILURE;
587
588 switch (sta->sae->state) {
589 case SAE_NOTHING:
590 if (auth_transaction == 1) {
591 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
592 if (ret)
593 return ret;
594 sta->sae->state = SAE_COMMITTED;
595
596 if (sae_process_commit(sta->sae) < 0)
597 return WLAN_STATUS_UNSPECIFIED_FAILURE;
598
599 /*
600 * In mesh case, both Commit and Confirm can be sent
601 * immediately. In infrastructure BSS, only a single
602 * Authentication frame (Commit) is expected from the AP
603 * here and the second one (Confirm) will be sent once
604 * the STA has sent its second Authentication frame
605 * (Confirm).
606 */
607 if (hapd->conf->mesh & MESH_ENABLED) {
608 /*
609 * Send both Commit and Confirm immediately
610 * based on SAE finite state machine
611 * Nothing -> Confirm transition.
612 */
613 ret = auth_sae_send_confirm(hapd, sta, bssid);
614 if (ret)
615 return ret;
616 sta->sae->state = SAE_CONFIRMED;
617 } else {
618 /*
619 * For infrastructure BSS, send only the Commit
620 * message now to get alternating sequence of
621 * Authentication frames between the AP and STA.
622 * Confirm will be sent in
623 * Committed -> Confirmed/Accepted transition
624 * when receiving Confirm from STA.
625 */
626 }
627 sta->sae->sync = 0;
628 sae_set_retransmit_timer(hapd, sta);
629 } else {
630 hostapd_logger(hapd, sta->addr,
631 HOSTAPD_MODULE_IEEE80211,
632 HOSTAPD_LEVEL_DEBUG,
633 "SAE confirm before commit");
634 }
635 break;
636 case SAE_COMMITTED:
637 sae_clear_retransmit_timer(hapd, sta);
638 if (auth_transaction == 1) {
639 if (sae_process_commit(sta->sae) < 0)
640 return WLAN_STATUS_UNSPECIFIED_FAILURE;
641
642 ret = auth_sae_send_confirm(hapd, sta, bssid);
643 if (ret)
644 return ret;
645 sta->sae->state = SAE_CONFIRMED;
646 sta->sae->sync = 0;
647 sae_set_retransmit_timer(hapd, sta);
648 } else if (hapd->conf->mesh & MESH_ENABLED) {
649 /*
650 * In mesh case, follow SAE finite state machine and
651 * send Commit now, if sync count allows.
652 */
653 if (sae_check_big_sync(sta))
654 return WLAN_STATUS_SUCCESS;
655 sta->sae->sync++;
656
657 ret = auth_sae_send_commit(hapd, sta, bssid, 0);
658 if (ret)
659 return ret;
660
661 sae_set_retransmit_timer(hapd, sta);
662 } else {
663 /*
664 * For instructure BSS, send the postponed Confirm from
665 * Nothing -> Confirmed transition that was reduced to
666 * Nothing -> Committed above.
667 */
668 ret = auth_sae_send_confirm(hapd, sta, bssid);
669 if (ret)
670 return ret;
671
672 sta->sae->state = SAE_CONFIRMED;
673
674 /*
675 * Since this was triggered on Confirm RX, run another
676 * step to get to Accepted without waiting for
677 * additional events.
678 */
679 return sae_sm_step(hapd, sta, bssid, auth_transaction);
680 }
681 break;
682 case SAE_CONFIRMED:
683 sae_clear_retransmit_timer(hapd, sta);
684 if (auth_transaction == 1) {
685 if (sae_check_big_sync(sta))
686 return WLAN_STATUS_SUCCESS;
687 sta->sae->sync++;
688
689 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
690 if (ret)
691 return ret;
692
693 if (sae_process_commit(sta->sae) < 0)
694 return WLAN_STATUS_UNSPECIFIED_FAILURE;
695
696 ret = auth_sae_send_confirm(hapd, sta, bssid);
697 if (ret)
698 return ret;
699
700 sae_set_retransmit_timer(hapd, sta);
701 } else {
702 sae_accept_sta(hapd, sta);
703 }
704 break;
705 case SAE_ACCEPTED:
706 if (auth_transaction == 1) {
707 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
708 ") doing reauthentication",
709 MAC2STR(sta->addr));
710 ap_free_sta(hapd, sta);
711 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
712 } else {
713 if (sae_check_big_sync(sta))
714 return WLAN_STATUS_SUCCESS;
715 sta->sae->sync++;
716
717 ret = auth_sae_send_confirm(hapd, sta, bssid);
718 sae_clear_temp_data(sta->sae);
719 if (ret)
720 return ret;
721 }
722 break;
723 default:
724 wpa_printf(MSG_ERROR, "SAE: invalid state %d",
725 sta->sae->state);
726 return WLAN_STATUS_UNSPECIFIED_FAILURE;
727 }
728 return WLAN_STATUS_SUCCESS;
729 }
730
731
732 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
733 {
734 struct sae_data *sae = sta->sae;
735 int i, *groups = hapd->conf->sae_groups;
736
737 if (sae->state != SAE_COMMITTED)
738 return;
739
740 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
741
742 for (i = 0; groups && groups[i] > 0; i++) {
743 if (sae->group == groups[i])
744 break;
745 }
746
747 if (!groups || groups[i] <= 0) {
748 wpa_printf(MSG_DEBUG,
749 "SAE: Previously selected group not found from the current configuration");
750 return;
751 }
752
753 for (;;) {
754 i++;
755 if (groups[i] <= 0) {
756 wpa_printf(MSG_DEBUG,
757 "SAE: No alternative group enabled");
758 return;
759 }
760
761 if (sae_set_group(sae, groups[i]) < 0)
762 continue;
763
764 break;
765 }
766 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
767 }
768
769
770 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
771 const struct ieee80211_mgmt *mgmt, size_t len,
772 u16 auth_transaction, u16 status_code)
773 {
774 int resp = WLAN_STATUS_SUCCESS;
775 struct wpabuf *data = NULL;
776
777 if (!sta->sae) {
778 if (auth_transaction != 1 ||
779 status_code != WLAN_STATUS_SUCCESS) {
780 resp = -1;
781 goto remove_sta;
782 }
783 sta->sae = os_zalloc(sizeof(*sta->sae));
784 if (!sta->sae) {
785 resp = -1;
786 goto remove_sta;
787 }
788 sta->sae->state = SAE_NOTHING;
789 sta->sae->sync = 0;
790 }
791
792 if (sta->mesh_sae_pmksa_caching) {
793 wpa_printf(MSG_DEBUG,
794 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
795 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
796 sta->mesh_sae_pmksa_caching = 0;
797 }
798
799 if (auth_transaction == 1) {
800 const u8 *token = NULL, *pos, *end;
801 size_t token_len = 0;
802 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
803 HOSTAPD_LEVEL_DEBUG,
804 "start SAE authentication (RX commit, status=%u)",
805 status_code);
806
807 if ((hapd->conf->mesh & MESH_ENABLED) &&
808 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
809 sta->sae->tmp) {
810 pos = mgmt->u.auth.variable;
811 end = ((const u8 *) mgmt) + len;
812 if (pos + sizeof(le16) > end) {
813 wpa_printf(MSG_ERROR,
814 "SAE: Too short anti-clogging token request");
815 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
816 goto reply;
817 }
818 resp = sae_group_allowed(sta->sae,
819 hapd->conf->sae_groups,
820 WPA_GET_LE16(pos));
821 if (resp != WLAN_STATUS_SUCCESS) {
822 wpa_printf(MSG_ERROR,
823 "SAE: Invalid group in anti-clogging token request");
824 goto reply;
825 }
826 pos += sizeof(le16);
827
828 wpabuf_free(sta->sae->tmp->anti_clogging_token);
829 sta->sae->tmp->anti_clogging_token =
830 wpabuf_alloc_copy(pos, end - pos);
831 if (sta->sae->tmp->anti_clogging_token == NULL) {
832 wpa_printf(MSG_ERROR,
833 "SAE: Failed to alloc for anti-clogging token");
834 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
835 goto remove_sta;
836 }
837
838 /*
839 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
840 * is 76, a new Commit Message shall be constructed
841 * with the Anti-Clogging Token from the received
842 * Authentication frame, and the commit-scalar and
843 * COMMIT-ELEMENT previously sent.
844 */
845 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0);
846 if (resp != WLAN_STATUS_SUCCESS) {
847 wpa_printf(MSG_ERROR,
848 "SAE: Failed to send commit message");
849 goto remove_sta;
850 }
851 sta->sae->state = SAE_COMMITTED;
852 sta->sae->sync = 0;
853 sae_set_retransmit_timer(hapd, sta);
854 return;
855 }
856
857 if ((hapd->conf->mesh & MESH_ENABLED) &&
858 status_code ==
859 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
860 sta->sae->tmp) {
861 wpa_printf(MSG_DEBUG,
862 "SAE: Peer did not accept our SAE group");
863 sae_pick_next_group(hapd, sta);
864 goto remove_sta;
865 }
866
867 if (status_code != WLAN_STATUS_SUCCESS)
868 goto remove_sta;
869
870 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
871 ((const u8 *) mgmt) + len -
872 mgmt->u.auth.variable, &token,
873 &token_len, hapd->conf->sae_groups);
874 if (resp == SAE_SILENTLY_DISCARD) {
875 wpa_printf(MSG_DEBUG,
876 "SAE: Drop commit message from " MACSTR " due to reflection attack",
877 MAC2STR(sta->addr));
878 goto remove_sta;
879 }
880 if (token && check_sae_token(hapd, sta->addr, token, token_len)
881 < 0) {
882 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
883 "incorrect token from " MACSTR,
884 MAC2STR(sta->addr));
885 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
886 goto remove_sta;
887 }
888
889 if (resp != WLAN_STATUS_SUCCESS)
890 goto reply;
891
892 if (!token && use_sae_anti_clogging(hapd)) {
893 wpa_printf(MSG_DEBUG,
894 "SAE: Request anti-clogging token from "
895 MACSTR, MAC2STR(sta->addr));
896 data = auth_build_token_req(hapd, sta->sae->group,
897 sta->addr);
898 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
899 if (hapd->conf->mesh & MESH_ENABLED)
900 sta->sae->state = SAE_NOTHING;
901 goto reply;
902 }
903
904 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
905 } else if (auth_transaction == 2) {
906 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
907 HOSTAPD_LEVEL_DEBUG,
908 "SAE authentication (RX confirm, status=%u)",
909 status_code);
910 if (status_code != WLAN_STATUS_SUCCESS)
911 goto remove_sta;
912 if (sta->sae->state >= SAE_CONFIRMED ||
913 !(hapd->conf->mesh & MESH_ENABLED)) {
914 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,
915 ((u8 *) mgmt) + len -
916 mgmt->u.auth.variable) < 0) {
917 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
918 goto reply;
919 }
920 }
921 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
922 } else {
923 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
924 HOSTAPD_LEVEL_DEBUG,
925 "unexpected SAE authentication transaction %u (status=%u)",
926 auth_transaction, status_code);
927 if (status_code != WLAN_STATUS_SUCCESS)
928 goto remove_sta;
929 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
930 }
931
932 reply:
933 if (resp != WLAN_STATUS_SUCCESS) {
934 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
935 auth_transaction, resp,
936 data ? wpabuf_head(data) : (u8 *) "",
937 data ? wpabuf_len(data) : 0);
938 }
939
940 remove_sta:
941 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
942 status_code != WLAN_STATUS_SUCCESS)) {
943 hostapd_drv_sta_remove(hapd, sta->addr);
944 sta->added_unassoc = 0;
945 }
946 wpabuf_free(data);
947 }
948
949
950 /**
951 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
952 * @hapd: BSS data for the device initiating the authentication
953 * @sta: the peer to which commit authentication frame is sent
954 *
955 * This function implements Init event handling (IEEE Std 802.11-2012,
956 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
957 * sta->sae structure should be initialized appropriately via a call to
958 * sae_prepare_commit().
959 */
960 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
961 {
962 int ret;
963
964 if (!sta->sae || !sta->sae->tmp)
965 return -1;
966
967 if (sta->sae->state != SAE_NOTHING)
968 return -1;
969
970 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
971 if (ret)
972 return -1;
973
974 sta->sae->state = SAE_COMMITTED;
975 sta->sae->sync = 0;
976 sae_set_retransmit_timer(hapd, sta);
977
978 return 0;
979 }
980
981 #endif /* CONFIG_SAE */
982
983
984 static u16 wpa_res_to_status_code(int res)
985 {
986 if (res == WPA_INVALID_GROUP)
987 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
988 if (res == WPA_INVALID_PAIRWISE)
989 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
990 if (res == WPA_INVALID_AKMP)
991 return WLAN_STATUS_AKMP_NOT_VALID;
992 if (res == WPA_ALLOC_FAIL)
993 return WLAN_STATUS_UNSPECIFIED_FAILURE;
994 #ifdef CONFIG_IEEE80211W
995 if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
996 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
997 if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
998 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
999 #endif /* CONFIG_IEEE80211W */
1000 if (res == WPA_INVALID_MDIE)
1001 return WLAN_STATUS_INVALID_MDIE;
1002 if (res != WPA_IE_OK)
1003 return WLAN_STATUS_INVALID_IE;
1004 return WLAN_STATUS_SUCCESS;
1005 }
1006
1007
1008 #ifdef CONFIG_FILS
1009
1010 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1011 struct sta_info *sta, u16 resp,
1012 struct rsn_pmksa_cache_entry *pmksa,
1013 struct wpabuf *erp_resp,
1014 const u8 *msk, size_t msk_len);
1015
1016 static void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
1017 const struct ieee80211_mgmt *mgmt, size_t len,
1018 u16 auth_transaction, u16 status_code)
1019 {
1020 u16 resp = WLAN_STATUS_SUCCESS;
1021 const u8 *pos, *end;
1022 struct ieee802_11_elems elems;
1023 int res;
1024 struct wpa_ie_data rsn;
1025 struct rsn_pmksa_cache_entry *pmksa = NULL;
1026
1027 if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
1028 return;
1029
1030 pos = mgmt->u.auth.variable;
1031 end = ((const u8 *) mgmt) + len;
1032
1033 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
1034 pos, end - pos);
1035
1036 /* TODO: Finite Cyclic Group when using PK or PFS */
1037 /* TODO: Element when using PK or PFS */
1038
1039 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
1040 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
1041 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
1042 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1043 goto fail;
1044 }
1045
1046 /* RSNE */
1047 wpa_hexdump(MSG_DEBUG, "FILS: RSN element",
1048 elems.rsn_ie, elems.rsn_ie_len);
1049 if (!elems.rsn_ie ||
1050 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1051 &rsn) < 0) {
1052 wpa_printf(MSG_DEBUG, "FILS: No valid RSN element");
1053 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1054 goto fail;
1055 }
1056
1057 if (!sta->wpa_sm)
1058 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
1059 NULL);
1060 if (!sta->wpa_sm) {
1061 wpa_printf(MSG_DEBUG,
1062 "FILS: Failed to initialize RSN state machine");
1063 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1064 goto fail;
1065 }
1066
1067 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
1068 elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1069 elems.mdie, elems.mdie_len);
1070 resp = wpa_res_to_status_code(res);
1071 if (resp != WLAN_STATUS_SUCCESS)
1072 goto fail;
1073
1074 /* TODO: MDE when using FILS+FT */
1075 /* TODO: FTE when using FILS+FT */
1076
1077 if (!elems.fils_nonce) {
1078 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
1079 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1080 goto fail;
1081 }
1082 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce,
1083 FILS_NONCE_LEN);
1084 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
1085
1086 /* PMKID List */
1087 if (rsn.pmkid && rsn.num_pmkid > 0) {
1088 u8 num;
1089 const u8 *pmkid;
1090
1091 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
1092 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
1093
1094 pmkid = rsn.pmkid;
1095 num = rsn.num_pmkid;
1096 while (num) {
1097 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN);
1098 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
1099 pmkid);
1100 if (pmksa)
1101 break;
1102 pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth,
1103 sta->addr,
1104 pmkid);
1105 if (pmksa)
1106 break;
1107 pmkid += PMKID_LEN;
1108 num--;
1109 }
1110 }
1111 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
1112 wpa_printf(MSG_DEBUG,
1113 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1114 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
1115 pmksa = NULL;
1116 }
1117 if (pmksa)
1118 wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry");
1119
1120 /* FILS Session */
1121 if (!elems.fils_session) {
1122 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
1123 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1124 goto fail;
1125 }
1126 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
1127 FILS_SESSION_LEN);
1128 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
1129
1130 /* FILS Wrapped Data */
1131 if (elems.fils_wrapped_data) {
1132 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
1133 elems.fils_wrapped_data,
1134 elems.fils_wrapped_data_len);
1135 if (!pmksa) {
1136 #ifndef CONFIG_NO_RADIUS
1137 if (!sta->eapol_sm) {
1138 sta->eapol_sm =
1139 ieee802_1x_alloc_eapol_sm(hapd, sta);
1140 }
1141 wpa_printf(MSG_DEBUG,
1142 "FILS: Forward EAP-Identity/Re-auth Start to authentication server");
1143 ieee802_1x_encapsulate_radius(
1144 hapd, sta, elems.fils_wrapped_data,
1145 elems.fils_wrapped_data_len);
1146 wpa_printf(MSG_DEBUG,
1147 "FILS: Will send Authentication frame once the response from authentication server is available");
1148 sta->flags |= WLAN_STA_PENDING_FILS_ERP;
1149 return;
1150 #else /* CONFIG_NO_RADIUS */
1151 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1152 goto fail;
1153 #endif /* CONFIG_NO_RADIUS */
1154 }
1155 }
1156
1157 fail:
1158 handle_auth_fils_finish(hapd, sta, resp, pmksa, NULL, NULL, 0);
1159 }
1160
1161
1162 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1163 struct sta_info *sta, u16 resp,
1164 struct rsn_pmksa_cache_entry *pmksa,
1165 struct wpabuf *erp_resp,
1166 const u8 *msk, size_t msk_len)
1167 {
1168 u8 fils_nonce[FILS_NONCE_LEN];
1169 size_t ielen;
1170 struct wpabuf *data = NULL;
1171 const u8 *ie;
1172 u8 *ie_buf = NULL;
1173 const u8 *pmk = NULL;
1174 size_t pmk_len = 0;
1175 u8 pmk_buf[PMK_LEN_MAX];
1176
1177 if (resp != WLAN_STATUS_SUCCESS)
1178 goto fail;
1179
1180 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
1181 if (!ie) {
1182 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1183 goto fail;
1184 }
1185 if (pmksa) {
1186 /* Add PMKID of the selected PMKSA into RSNE */
1187 ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
1188 if (!ie_buf) {
1189 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1190 goto fail;
1191 }
1192 os_memcpy(ie_buf, ie, ielen);
1193 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
1194 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1195 goto fail;
1196 }
1197 ie = ie_buf;
1198 }
1199
1200 if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
1201 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1202 goto fail;
1203 }
1204 wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
1205 fils_nonce, FILS_NONCE_LEN);
1206
1207 data = wpabuf_alloc(1000 + ielen);
1208 if (!data) {
1209 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1210 goto fail;
1211 }
1212
1213 /* TODO: Finite Cyclic Group when using PK or PFS */
1214 /* TODO: Element when using PK or PFS */
1215
1216 /* RSNE */
1217 wpabuf_put_data(data, ie, ielen);
1218
1219 /* TODO: MDE when using FILS+FT */
1220 /* TODO: FTE when using FILS+FT */
1221
1222 /* FILS Nonce */
1223 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1224 wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */
1225 /* Element ID Extension */
1226 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE);
1227 wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN);
1228
1229 /* FILS Session */
1230 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1231 wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */
1232 /* Element ID Extension */
1233 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION);
1234 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
1235
1236 /* FILS Wrapped Data */
1237 if (!pmksa && erp_resp) {
1238 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1239 wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */
1240 /* Element ID Extension */
1241 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_WRAPPED_DATA);
1242 wpabuf_put_buf(data, erp_resp);
1243
1244 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1245 msk, msk_len, sta->fils_snonce, fils_nonce,
1246 NULL, 0, pmk_buf, &pmk_len)) {
1247 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
1248 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1249 wpabuf_free(data);
1250 data = NULL;
1251 goto fail;
1252 }
1253 pmk = pmk_buf;
1254 } else if (pmksa) {
1255 pmk = pmksa->pmk;
1256 pmk_len = pmksa->pmk_len;
1257 }
1258
1259 if (!pmk) {
1260 wpa_printf(MSG_DEBUG, "FILS: No PMK available");
1261 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1262 wpabuf_free(data);
1263 data = NULL;
1264 goto fail;
1265 }
1266
1267 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
1268 sta->fils_snonce, fils_nonce) < 0) {
1269 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1270 wpabuf_free(data);
1271 data = NULL;
1272 goto fail;
1273 }
1274
1275 fail:
1276 send_auth_reply(hapd, sta->addr, hapd->own_addr, WLAN_AUTH_FILS_SK, 2,
1277 resp,
1278 data ? wpabuf_head(data) : (u8 *) "",
1279 data ? wpabuf_len(data) : 0);
1280 wpabuf_free(data);
1281
1282 if (resp == WLAN_STATUS_SUCCESS) {
1283 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1284 HOSTAPD_LEVEL_DEBUG,
1285 "authentication OK (FILS)");
1286 sta->flags |= WLAN_STA_AUTH;
1287 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1288 sta->auth_alg = WLAN_AUTH_FILS_SK;
1289 mlme_authenticate_indication(hapd, sta);
1290 }
1291
1292 os_free(ie_buf);
1293 }
1294
1295
1296 void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
1297 struct sta_info *sta, int success,
1298 struct wpabuf *erp_resp,
1299 const u8 *msk, size_t msk_len)
1300 {
1301 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1302 handle_auth_fils_finish(hapd, sta, success ? WLAN_STATUS_SUCCESS :
1303 WLAN_STATUS_UNSPECIFIED_FAILURE, NULL,
1304 erp_resp, msk, msk_len);
1305 }
1306
1307 #endif /* CONFIG_FILS */
1308
1309
1310 static int
1311 ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
1312 const u8 *msg, size_t len, u32 *session_timeout,
1313 u32 *acct_interim_interval,
1314 struct vlan_description *vlan_id,
1315 struct hostapd_sta_wpa_psk_short **psk,
1316 char **identity, char **radius_cui)
1317 {
1318 int res;
1319
1320 os_memset(vlan_id, 0, sizeof(*vlan_id));
1321 res = hostapd_allowed_address(hapd, addr, msg, len,
1322 session_timeout, acct_interim_interval,
1323 vlan_id, psk, identity, radius_cui);
1324
1325 if (res == HOSTAPD_ACL_REJECT) {
1326 wpa_printf(MSG_INFO,
1327 "Station " MACSTR " not allowed to authenticate",
1328 MAC2STR(addr));
1329 return HOSTAPD_ACL_REJECT;
1330 }
1331
1332 if (res == HOSTAPD_ACL_PENDING) {
1333 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
1334 " waiting for an external authentication",
1335 MAC2STR(addr));
1336 /* Authentication code will re-send the authentication frame
1337 * after it has received (and cached) information from the
1338 * external source. */
1339 return HOSTAPD_ACL_PENDING;
1340 }
1341
1342 return res;
1343 }
1344
1345
1346 static int
1347 ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
1348 int res, u32 session_timeout,
1349 u32 acct_interim_interval,
1350 struct vlan_description *vlan_id,
1351 struct hostapd_sta_wpa_psk_short **psk,
1352 char **identity, char **radius_cui)
1353 {
1354 if (vlan_id->notempty &&
1355 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
1356 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1357 HOSTAPD_LEVEL_INFO,
1358 "Invalid VLAN %d%s received from RADIUS server",
1359 vlan_id->untagged,
1360 vlan_id->tagged[0] ? "+" : "");
1361 return -1;
1362 }
1363 if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
1364 return -1;
1365 if (sta->vlan_id)
1366 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1367 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1368
1369 hostapd_free_psk_list(sta->psk);
1370 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
1371 sta->psk = *psk;
1372 *psk = NULL;
1373 } else {
1374 sta->psk = NULL;
1375 }
1376
1377 sta->identity = *identity;
1378 *identity = NULL;
1379 sta->radius_cui = *radius_cui;
1380 *radius_cui = NULL;
1381
1382 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
1383 sta->acct_interim_interval = acct_interim_interval;
1384 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
1385 ap_sta_session_timeout(hapd, sta, session_timeout);
1386 else
1387 ap_sta_no_session_timeout(hapd, sta);
1388
1389 return 0;
1390 }
1391
1392
1393 static void handle_auth(struct hostapd_data *hapd,
1394 const struct ieee80211_mgmt *mgmt, size_t len)
1395 {
1396 u16 auth_alg, auth_transaction, status_code;
1397 u16 resp = WLAN_STATUS_SUCCESS;
1398 struct sta_info *sta = NULL;
1399 int res, reply_res;
1400 u16 fc;
1401 const u8 *challenge = NULL;
1402 u32 session_timeout, acct_interim_interval;
1403 struct vlan_description vlan_id;
1404 struct hostapd_sta_wpa_psk_short *psk = NULL;
1405 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
1406 size_t resp_ies_len = 0;
1407 char *identity = NULL;
1408 char *radius_cui = NULL;
1409 u16 seq_ctrl;
1410
1411 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
1412 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
1413 (unsigned long) len);
1414 return;
1415 }
1416
1417 #ifdef CONFIG_TESTING_OPTIONS
1418 if (hapd->iconf->ignore_auth_probability > 0.0 &&
1419 drand48() < hapd->iconf->ignore_auth_probability) {
1420 wpa_printf(MSG_INFO,
1421 "TESTING: ignoring auth frame from " MACSTR,
1422 MAC2STR(mgmt->sa));
1423 return;
1424 }
1425 #endif /* CONFIG_TESTING_OPTIONS */
1426
1427 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
1428 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
1429 status_code = le_to_host16(mgmt->u.auth.status_code);
1430 fc = le_to_host16(mgmt->frame_control);
1431 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
1432
1433 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
1434 2 + WLAN_AUTH_CHALLENGE_LEN &&
1435 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
1436 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
1437 challenge = &mgmt->u.auth.variable[2];
1438
1439 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
1440 "auth_transaction=%d status_code=%d wep=%d%s "
1441 "seq_ctrl=0x%x%s",
1442 MAC2STR(mgmt->sa), auth_alg, auth_transaction,
1443 status_code, !!(fc & WLAN_FC_ISWEP),
1444 challenge ? " challenge" : "",
1445 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
1446
1447 #ifdef CONFIG_NO_RC4
1448 if (auth_alg == WLAN_AUTH_SHARED_KEY) {
1449 wpa_printf(MSG_INFO,
1450 "Unsupported authentication algorithm (%d)",
1451 auth_alg);
1452 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1453 goto fail;
1454 }
1455 #endif /* CONFIG_NO_RC4 */
1456
1457 if (hapd->tkip_countermeasures) {
1458 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
1459 goto fail;
1460 }
1461
1462 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
1463 auth_alg == WLAN_AUTH_OPEN) ||
1464 #ifdef CONFIG_IEEE80211R_AP
1465 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
1466 auth_alg == WLAN_AUTH_FT) ||
1467 #endif /* CONFIG_IEEE80211R_AP */
1468 #ifdef CONFIG_SAE
1469 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
1470 auth_alg == WLAN_AUTH_SAE) ||
1471 #endif /* CONFIG_SAE */
1472 #ifdef CONFIG_FILS
1473 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1474 auth_alg == WLAN_AUTH_FILS_SK) ||
1475 #endif /* CONFIG_FILS */
1476 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
1477 auth_alg == WLAN_AUTH_SHARED_KEY))) {
1478 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
1479 auth_alg);
1480 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1481 goto fail;
1482 }
1483
1484 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
1485 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
1486 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
1487 auth_transaction);
1488 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1489 goto fail;
1490 }
1491
1492 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
1493 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
1494 MAC2STR(mgmt->sa));
1495 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1496 goto fail;
1497 }
1498
1499 if (hapd->conf->no_auth_if_seen_on) {
1500 struct hostapd_data *other;
1501
1502 other = sta_track_seen_on(hapd->iface, mgmt->sa,
1503 hapd->conf->no_auth_if_seen_on);
1504 if (other) {
1505 u8 *pos;
1506 u32 info;
1507 u8 op_class, channel, phytype;
1508
1509 wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
1510 MACSTR " since STA has been seen on %s",
1511 hapd->conf->iface, MAC2STR(mgmt->sa),
1512 hapd->conf->no_auth_if_seen_on);
1513
1514 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
1515 pos = &resp_ies[0];
1516 *pos++ = WLAN_EID_NEIGHBOR_REPORT;
1517 *pos++ = 13;
1518 os_memcpy(pos, other->own_addr, ETH_ALEN);
1519 pos += ETH_ALEN;
1520 info = 0; /* TODO: BSSID Information */
1521 WPA_PUT_LE32(pos, info);
1522 pos += 4;
1523 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
1524 phytype = 8; /* dmg */
1525 else if (other->iconf->ieee80211ac)
1526 phytype = 9; /* vht */
1527 else if (other->iconf->ieee80211n)
1528 phytype = 7; /* ht */
1529 else if (other->iconf->hw_mode ==
1530 HOSTAPD_MODE_IEEE80211A)
1531 phytype = 4; /* ofdm */
1532 else if (other->iconf->hw_mode ==
1533 HOSTAPD_MODE_IEEE80211G)
1534 phytype = 6; /* erp */
1535 else
1536 phytype = 5; /* hrdsss */
1537 if (ieee80211_freq_to_channel_ext(
1538 hostapd_hw_get_freq(other,
1539 other->iconf->channel),
1540 other->iconf->secondary_channel,
1541 other->iconf->ieee80211ac,
1542 &op_class, &channel) == NUM_HOSTAPD_MODES) {
1543 op_class = 0;
1544 channel = other->iconf->channel;
1545 }
1546 *pos++ = op_class;
1547 *pos++ = channel;
1548 *pos++ = phytype;
1549 resp_ies_len = pos - &resp_ies[0];
1550 goto fail;
1551 }
1552 }
1553
1554 res = ieee802_11_allowed_address(
1555 hapd, mgmt->sa, (const u8 *) mgmt, len, &session_timeout,
1556 &acct_interim_interval, &vlan_id, &psk, &identity, &radius_cui);
1557 if (res == HOSTAPD_ACL_REJECT) {
1558 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1559 goto fail;
1560 }
1561 if (res == HOSTAPD_ACL_PENDING)
1562 return;
1563
1564 sta = ap_get_sta(hapd, mgmt->sa);
1565 if (sta) {
1566 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1567 if ((fc & WLAN_FC_RETRY) &&
1568 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
1569 sta->last_seq_ctrl == seq_ctrl &&
1570 sta->last_subtype == WLAN_FC_STYPE_AUTH) {
1571 hostapd_logger(hapd, sta->addr,
1572 HOSTAPD_MODULE_IEEE80211,
1573 HOSTAPD_LEVEL_DEBUG,
1574 "Drop repeated authentication frame seq_ctrl=0x%x",
1575 seq_ctrl);
1576 return;
1577 }
1578 #ifdef CONFIG_MESH
1579 if ((hapd->conf->mesh & MESH_ENABLED) &&
1580 sta->plink_state == PLINK_BLOCKED) {
1581 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1582 " is blocked - drop Authentication frame",
1583 MAC2STR(mgmt->sa));
1584 return;
1585 }
1586 #endif /* CONFIG_MESH */
1587 } else {
1588 #ifdef CONFIG_MESH
1589 if (hapd->conf->mesh & MESH_ENABLED) {
1590 /* if the mesh peer is not available, we don't do auth.
1591 */
1592 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1593 " not yet known - drop Authentication frame",
1594 MAC2STR(mgmt->sa));
1595 /*
1596 * Save a copy of the frame so that it can be processed
1597 * if a new peer entry is added shortly after this.
1598 */
1599 wpabuf_free(hapd->mesh_pending_auth);
1600 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
1601 os_get_reltime(&hapd->mesh_pending_auth_time);
1602 return;
1603 }
1604 #endif /* CONFIG_MESH */
1605
1606 sta = ap_sta_add(hapd, mgmt->sa);
1607 if (!sta) {
1608 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1609 goto fail;
1610 }
1611 }
1612 sta->last_seq_ctrl = seq_ctrl;
1613 sta->last_subtype = WLAN_FC_STYPE_AUTH;
1614
1615 res = ieee802_11_set_radius_info(
1616 hapd, sta, res, session_timeout, acct_interim_interval,
1617 &vlan_id, &psk, &identity, &radius_cui);
1618 if (res) {
1619 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1620 goto fail;
1621 }
1622
1623 sta->flags &= ~WLAN_STA_PREAUTH;
1624 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
1625
1626 /*
1627 * If the driver supports full AP client state, add a station to the
1628 * driver before sending authentication reply to make sure the driver
1629 * has resources, and not to go through the entire authentication and
1630 * association handshake, and fail it at the end.
1631 *
1632 * If this is not the first transaction, in a multi-step authentication
1633 * algorithm, the station already exists in the driver
1634 * (sta->added_unassoc = 1) so skip it.
1635 *
1636 * In mesh mode, the station was already added to the driver when the
1637 * NEW_PEER_CANDIDATE event is received.
1638 *
1639 * If PMF was negotiated for the existing association, skip this to
1640 * avoid dropping the STA entry and the associated keys. This is needed
1641 * to allow the original connection work until the attempt can complete
1642 * (re)association, so that unprotected Authentication frame cannot be
1643 * used to bypass PMF protection.
1644 */
1645 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
1646 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
1647 !(hapd->conf->mesh & MESH_ENABLED) &&
1648 !(sta->added_unassoc)) {
1649 /*
1650 * If a station that is already associated to the AP, is trying
1651 * to authenticate again, remove the STA entry, in order to make
1652 * sure the STA PS state gets cleared and configuration gets
1653 * updated. To handle this, station's added_unassoc flag is
1654 * cleared once the station has completed association.
1655 */
1656 hostapd_drv_sta_remove(hapd, sta->addr);
1657 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
1658 WLAN_STA_AUTHORIZED);
1659
1660 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0,
1661 NULL, NULL, sta->flags, 0, 0, 0, 0)) {
1662 hostapd_logger(hapd, sta->addr,
1663 HOSTAPD_MODULE_IEEE80211,
1664 HOSTAPD_LEVEL_NOTICE,
1665 "Could not add STA to kernel driver");
1666 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1667 goto fail;
1668 }
1669
1670 sta->added_unassoc = 1;
1671 }
1672
1673 switch (auth_alg) {
1674 case WLAN_AUTH_OPEN:
1675 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1676 HOSTAPD_LEVEL_DEBUG,
1677 "authentication OK (open system)");
1678 sta->flags |= WLAN_STA_AUTH;
1679 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1680 sta->auth_alg = WLAN_AUTH_OPEN;
1681 mlme_authenticate_indication(hapd, sta);
1682 break;
1683 #ifndef CONFIG_NO_RC4
1684 case WLAN_AUTH_SHARED_KEY:
1685 resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
1686 fc & WLAN_FC_ISWEP);
1687 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
1688 mlme_authenticate_indication(hapd, sta);
1689 if (sta->challenge && auth_transaction == 1) {
1690 resp_ies[0] = WLAN_EID_CHALLENGE;
1691 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
1692 os_memcpy(resp_ies + 2, sta->challenge,
1693 WLAN_AUTH_CHALLENGE_LEN);
1694 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
1695 }
1696 break;
1697 #endif /* CONFIG_NO_RC4 */
1698 #ifdef CONFIG_IEEE80211R_AP
1699 case WLAN_AUTH_FT:
1700 sta->auth_alg = WLAN_AUTH_FT;
1701 if (sta->wpa_sm == NULL)
1702 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
1703 sta->addr, NULL);
1704 if (sta->wpa_sm == NULL) {
1705 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
1706 "state machine");
1707 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1708 goto fail;
1709 }
1710 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
1711 auth_transaction, mgmt->u.auth.variable,
1712 len - IEEE80211_HDRLEN -
1713 sizeof(mgmt->u.auth),
1714 handle_auth_ft_finish, hapd);
1715 /* handle_auth_ft_finish() callback will complete auth. */
1716 return;
1717 #endif /* CONFIG_IEEE80211R_AP */
1718 #ifdef CONFIG_SAE
1719 case WLAN_AUTH_SAE:
1720 #ifdef CONFIG_MESH
1721 if (status_code == WLAN_STATUS_SUCCESS &&
1722 hapd->conf->mesh & MESH_ENABLED) {
1723 if (sta->wpa_sm == NULL)
1724 sta->wpa_sm =
1725 wpa_auth_sta_init(hapd->wpa_auth,
1726 sta->addr, NULL);
1727 if (sta->wpa_sm == NULL) {
1728 wpa_printf(MSG_DEBUG,
1729 "SAE: Failed to initialize WPA state machine");
1730 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1731 goto fail;
1732 }
1733 }
1734 #endif /* CONFIG_MESH */
1735 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
1736 status_code);
1737 return;
1738 #endif /* CONFIG_SAE */
1739 #ifdef CONFIG_FILS
1740 case WLAN_AUTH_FILS_SK:
1741 handle_auth_fils(hapd, sta, mgmt, len, auth_transaction,
1742 status_code);
1743 return;
1744 #endif /* CONFIG_FILS */
1745 }
1746
1747 fail:
1748 os_free(identity);
1749 os_free(radius_cui);
1750 hostapd_free_psk_list(psk);
1751
1752 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
1753 auth_transaction + 1, resp, resp_ies,
1754 resp_ies_len);
1755
1756 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
1757 reply_res != WLAN_STATUS_SUCCESS)) {
1758 hostapd_drv_sta_remove(hapd, sta->addr);
1759 sta->added_unassoc = 0;
1760 }
1761 }
1762
1763
1764 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
1765 {
1766 int i, j = 32, aid;
1767
1768 /* get a unique AID */
1769 if (sta->aid > 0) {
1770 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
1771 return 0;
1772 }
1773
1774 if (TEST_FAIL())
1775 return -1;
1776
1777 for (i = 0; i < AID_WORDS; i++) {
1778 if (hapd->sta_aid[i] == (u32) -1)
1779 continue;
1780 for (j = 0; j < 32; j++) {
1781 if (!(hapd->sta_aid[i] & BIT(j)))
1782 break;
1783 }
1784 if (j < 32)
1785 break;
1786 }
1787 if (j == 32)
1788 return -1;
1789 aid = i * 32 + j + 1;
1790 if (aid > 2007)
1791 return -1;
1792
1793 sta->aid = aid;
1794 hapd->sta_aid[i] |= BIT(j);
1795 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
1796 return 0;
1797 }
1798
1799
1800 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
1801 const u8 *ssid_ie, size_t ssid_ie_len)
1802 {
1803 if (ssid_ie == NULL)
1804 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1805
1806 if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
1807 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
1808 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1809 HOSTAPD_LEVEL_INFO,
1810 "Station tried to associate with unknown SSID "
1811 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
1812 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1813 }
1814
1815 return WLAN_STATUS_SUCCESS;
1816 }
1817
1818
1819 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
1820 const u8 *wmm_ie, size_t wmm_ie_len)
1821 {
1822 sta->flags &= ~WLAN_STA_WMM;
1823 sta->qosinfo = 0;
1824 if (wmm_ie && hapd->conf->wmm_enabled) {
1825 struct wmm_information_element *wmm;
1826
1827 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
1828 hostapd_logger(hapd, sta->addr,
1829 HOSTAPD_MODULE_WPA,
1830 HOSTAPD_LEVEL_DEBUG,
1831 "invalid WMM element in association "
1832 "request");
1833 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1834 }
1835
1836 sta->flags |= WLAN_STA_WMM;
1837 wmm = (struct wmm_information_element *) wmm_ie;
1838 sta->qosinfo = wmm->qos_info;
1839 }
1840 return WLAN_STATUS_SUCCESS;
1841 }
1842
1843
1844 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
1845 struct ieee802_11_elems *elems)
1846 {
1847 /* Supported rates not used in IEEE 802.11ad/DMG */
1848 if (hapd->iface->current_mode &&
1849 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
1850 return WLAN_STATUS_SUCCESS;
1851
1852 if (!elems->supp_rates) {
1853 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1854 HOSTAPD_LEVEL_DEBUG,
1855 "No supported rates element in AssocReq");
1856 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1857 }
1858
1859 if (elems->supp_rates_len + elems->ext_supp_rates_len >
1860 sizeof(sta->supported_rates)) {
1861 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1862 HOSTAPD_LEVEL_DEBUG,
1863 "Invalid supported rates element length %d+%d",
1864 elems->supp_rates_len,
1865 elems->ext_supp_rates_len);
1866 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1867 }
1868
1869 sta->supported_rates_len = merge_byte_arrays(
1870 sta->supported_rates, sizeof(sta->supported_rates),
1871 elems->supp_rates, elems->supp_rates_len,
1872 elems->ext_supp_rates, elems->ext_supp_rates_len);
1873
1874 return WLAN_STATUS_SUCCESS;
1875 }
1876
1877
1878 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
1879 const u8 *ext_capab_ie, size_t ext_capab_ie_len)
1880 {
1881 #ifdef CONFIG_INTERWORKING
1882 /* check for QoS Map support */
1883 if (ext_capab_ie_len >= 5) {
1884 if (ext_capab_ie[4] & 0x01)
1885 sta->qos_map_enabled = 1;
1886 }
1887 #endif /* CONFIG_INTERWORKING */
1888
1889 if (ext_capab_ie_len > 0)
1890 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
1891
1892 return WLAN_STATUS_SUCCESS;
1893 }
1894
1895
1896 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
1897 const u8 *ies, size_t ies_len, int reassoc)
1898 {
1899 struct ieee802_11_elems elems;
1900 u16 resp;
1901 const u8 *wpa_ie;
1902 size_t wpa_ie_len;
1903 const u8 *p2p_dev_addr = NULL;
1904
1905 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
1906 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1907 HOSTAPD_LEVEL_INFO, "Station sent an invalid "
1908 "association request");
1909 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1910 }
1911
1912 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
1913 if (resp != WLAN_STATUS_SUCCESS)
1914 return resp;
1915 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
1916 if (resp != WLAN_STATUS_SUCCESS)
1917 return resp;
1918 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);
1919 if (resp != WLAN_STATUS_SUCCESS)
1920 return resp;
1921 resp = copy_supp_rates(hapd, sta, &elems);
1922 if (resp != WLAN_STATUS_SUCCESS)
1923 return resp;
1924 #ifdef CONFIG_IEEE80211N
1925 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
1926 if (resp != WLAN_STATUS_SUCCESS)
1927 return resp;
1928 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
1929 !(sta->flags & WLAN_STA_HT)) {
1930 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1931 HOSTAPD_LEVEL_INFO, "Station does not support "
1932 "mandatory HT PHY - reject association");
1933 return WLAN_STATUS_ASSOC_DENIED_NO_HT;
1934 }
1935 #endif /* CONFIG_IEEE80211N */
1936
1937 #ifdef CONFIG_IEEE80211AC
1938 if (hapd->iconf->ieee80211ac) {
1939 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
1940 if (resp != WLAN_STATUS_SUCCESS)
1941 return resp;
1942
1943 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
1944 if (resp != WLAN_STATUS_SUCCESS)
1945 return resp;
1946 }
1947
1948 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
1949 !(sta->flags & WLAN_STA_VHT)) {
1950 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1951 HOSTAPD_LEVEL_INFO, "Station does not support "
1952 "mandatory VHT PHY - reject association");
1953 return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
1954 }
1955
1956 if (hapd->conf->vendor_vht && !elems.vht_capabilities) {
1957 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht,
1958 elems.vendor_vht_len);
1959 if (resp != WLAN_STATUS_SUCCESS)
1960 return resp;
1961 }
1962 #endif /* CONFIG_IEEE80211AC */
1963
1964 #ifdef CONFIG_P2P
1965 if (elems.p2p) {
1966 wpabuf_free(sta->p2p_ie);
1967 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
1968 P2P_IE_VENDOR_TYPE);
1969 if (sta->p2p_ie)
1970 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
1971 } else {
1972 wpabuf_free(sta->p2p_ie);
1973 sta->p2p_ie = NULL;
1974 }
1975 #endif /* CONFIG_P2P */
1976
1977 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
1978 wpa_ie = elems.rsn_ie;
1979 wpa_ie_len = elems.rsn_ie_len;
1980 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
1981 elems.wpa_ie) {
1982 wpa_ie = elems.wpa_ie;
1983 wpa_ie_len = elems.wpa_ie_len;
1984 } else {
1985 wpa_ie = NULL;
1986 wpa_ie_len = 0;
1987 }
1988
1989 #ifdef CONFIG_WPS
1990 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
1991 if (hapd->conf->wps_state && elems.wps_ie) {
1992 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
1993 "Request - assume WPS is used");
1994 sta->flags |= WLAN_STA_WPS;
1995 wpabuf_free(sta->wps_ie);
1996 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
1997 WPS_IE_VENDOR_TYPE);
1998 if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
1999 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
2000 sta->flags |= WLAN_STA_WPS2;
2001 }
2002 wpa_ie = NULL;
2003 wpa_ie_len = 0;
2004 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
2005 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
2006 "(Re)Association Request - reject");
2007 return WLAN_STATUS_INVALID_IE;
2008 }
2009 } else if (hapd->conf->wps_state && wpa_ie == NULL) {
2010 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
2011 "(Re)Association Request - possible WPS use");
2012 sta->flags |= WLAN_STA_MAYBE_WPS;
2013 } else
2014 #endif /* CONFIG_WPS */
2015 if (hapd->conf->wpa && wpa_ie == NULL) {
2016 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2017 HOSTAPD_LEVEL_INFO,
2018 "No WPA/RSN IE in association request");
2019 return WLAN_STATUS_INVALID_IE;
2020 }
2021
2022 if (hapd->conf->wpa && wpa_ie) {
2023 int res;
2024 wpa_ie -= 2;
2025 wpa_ie_len += 2;
2026 if (sta->wpa_sm == NULL)
2027 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2028 sta->addr,
2029 p2p_dev_addr);
2030 if (sta->wpa_sm == NULL) {
2031 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2032 "state machine");
2033 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2034 }
2035 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
2036 wpa_ie, wpa_ie_len,
2037 elems.mdie, elems.mdie_len);
2038 resp = wpa_res_to_status_code(res);
2039 if (resp != WLAN_STATUS_SUCCESS)
2040 return resp;
2041 #ifdef CONFIG_IEEE80211W
2042 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2043 sta->sa_query_count > 0)
2044 ap_check_sa_query_timeout(hapd, sta);
2045 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2046 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
2047 /*
2048 * STA has already been associated with MFP and SA
2049 * Query timeout has not been reached. Reject the
2050 * association attempt temporarily and start SA Query,
2051 * if one is not pending.
2052 */
2053
2054 if (sta->sa_query_count == 0)
2055 ap_sta_start_sa_query(hapd, sta);
2056
2057 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
2058 }
2059
2060 if (wpa_auth_uses_mfp(sta->wpa_sm))
2061 sta->flags |= WLAN_STA_MFP;
2062 else
2063 sta->flags &= ~WLAN_STA_MFP;
2064 #endif /* CONFIG_IEEE80211W */
2065
2066 #ifdef CONFIG_IEEE80211R_AP
2067 if (sta->auth_alg == WLAN_AUTH_FT) {
2068 if (!reassoc) {
2069 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
2070 "to use association (not "
2071 "re-association) with FT auth_alg",
2072 MAC2STR(sta->addr));
2073 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2074 }
2075
2076 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
2077 ies_len);
2078 if (resp != WLAN_STATUS_SUCCESS)
2079 return resp;
2080 }
2081 #endif /* CONFIG_IEEE80211R_AP */
2082
2083 #ifdef CONFIG_SAE
2084 if (wpa_auth_uses_sae(sta->wpa_sm) &&
2085 sta->auth_alg == WLAN_AUTH_OPEN) {
2086 struct rsn_pmksa_cache_entry *sa;
2087 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
2088 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) {
2089 wpa_printf(MSG_DEBUG,
2090 "SAE: No PMKSA cache entry found for "
2091 MACSTR, MAC2STR(sta->addr));
2092 return WLAN_STATUS_INVALID_PMKID;
2093 }
2094 wpa_printf(MSG_DEBUG, "SAE: " MACSTR
2095 " using PMKSA caching", MAC2STR(sta->addr));
2096 } else if (wpa_auth_uses_sae(sta->wpa_sm) &&
2097 sta->auth_alg != WLAN_AUTH_SAE &&
2098 !(sta->auth_alg == WLAN_AUTH_FT &&
2099 wpa_auth_uses_ft_sae(sta->wpa_sm))) {
2100 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
2101 "SAE AKM after non-SAE auth_alg %u",
2102 MAC2STR(sta->addr), sta->auth_alg);
2103 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
2104 }
2105 #endif /* CONFIG_SAE */
2106
2107 #ifdef CONFIG_IEEE80211N
2108 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
2109 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
2110 hostapd_logger(hapd, sta->addr,
2111 HOSTAPD_MODULE_IEEE80211,
2112 HOSTAPD_LEVEL_INFO,
2113 "Station tried to use TKIP with HT "
2114 "association");
2115 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
2116 }
2117 #endif /* CONFIG_IEEE80211N */
2118 #ifdef CONFIG_HS20
2119 } else if (hapd->conf->osen) {
2120 if (elems.osen == NULL) {
2121 hostapd_logger(
2122 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2123 HOSTAPD_LEVEL_INFO,
2124 "No HS 2.0 OSEN element in association request");
2125 return WLAN_STATUS_INVALID_IE;
2126 }
2127
2128 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
2129 if (sta->wpa_sm == NULL)
2130 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2131 sta->addr, NULL);
2132 if (sta->wpa_sm == NULL) {
2133 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2134 "state machine");
2135 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2136 }
2137 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
2138 elems.osen - 2, elems.osen_len + 2) < 0)
2139 return WLAN_STATUS_INVALID_IE;
2140 #endif /* CONFIG_HS20 */
2141 } else
2142 wpa_auth_sta_no_wpa(sta->wpa_sm);
2143
2144 #ifdef CONFIG_P2P
2145 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
2146 #endif /* CONFIG_P2P */
2147
2148 #ifdef CONFIG_HS20
2149 wpabuf_free(sta->hs20_ie);
2150 if (elems.hs20 && elems.hs20_len > 4) {
2151 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
2152 elems.hs20_len - 4);
2153 } else
2154 sta->hs20_ie = NULL;
2155 #endif /* CONFIG_HS20 */
2156
2157 #ifdef CONFIG_FST
2158 wpabuf_free(sta->mb_ies);
2159 if (hapd->iface->fst)
2160 sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
2161 else
2162 sta->mb_ies = NULL;
2163 #endif /* CONFIG_FST */
2164
2165 #ifdef CONFIG_MBO
2166 mbo_ap_check_sta_assoc(hapd, sta, &elems);
2167
2168 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
2169 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
2170 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2171 wpa_printf(MSG_INFO,
2172 "MBO: Reject WPA2 association without PMF");
2173 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2174 }
2175 #endif /* CONFIG_MBO */
2176
2177 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
2178 elems.supp_op_classes_len);
2179
2180 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
2181 elems.rrm_enabled &&
2182 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
2183 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
2184 sizeof(sta->rrm_enabled_capa));
2185
2186 return WLAN_STATUS_SUCCESS;
2187 }
2188
2189
2190 static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
2191 u16 reason_code)
2192 {
2193 int send_len;
2194 struct ieee80211_mgmt reply;
2195
2196 os_memset(&reply, 0, sizeof(reply));
2197 reply.frame_control =
2198 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
2199 os_memcpy(reply.da, addr, ETH_ALEN);
2200 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
2201 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
2202
2203 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
2204 reply.u.deauth.reason_code = host_to_le16(reason_code);
2205
2206 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
2207 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
2208 strerror(errno));
2209 }
2210
2211
2212 static int add_associated_sta(struct hostapd_data *hapd,
2213 struct sta_info *sta)
2214 {
2215 struct ieee80211_ht_capabilities ht_cap;
2216 struct ieee80211_vht_capabilities vht_cap;
2217
2218 /*
2219 * Remove the STA entry to ensure the STA PS state gets cleared and
2220 * configuration gets updated. This is relevant for cases, such as
2221 * FT-over-the-DS, where a station re-associates back to the same AP but
2222 * skips the authentication flow, or if working with a driver that
2223 * does not support full AP client state.
2224 */
2225 if (!sta->added_unassoc)
2226 hostapd_drv_sta_remove(hapd, sta->addr);
2227
2228 #ifdef CONFIG_IEEE80211N
2229 if (sta->flags & WLAN_STA_HT)
2230 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
2231 #endif /* CONFIG_IEEE80211N */
2232 #ifdef CONFIG_IEEE80211AC
2233 if (sta->flags & WLAN_STA_VHT)
2234 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
2235 #endif /* CONFIG_IEEE80211AC */
2236
2237 /*
2238 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
2239 * will be set when the ACK frame for the (Re)Association Response frame
2240 * is processed (TX status driver event).
2241 */
2242 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
2243 sta->supported_rates, sta->supported_rates_len,
2244 sta->listen_interval,
2245 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
2246 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
2247 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
2248 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
2249 sta->added_unassoc)) {
2250 hostapd_logger(hapd, sta->addr,
2251 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
2252 "Could not %s STA to kernel driver",
2253 sta->added_unassoc ? "set" : "add");
2254
2255 if (sta->added_unassoc) {
2256 hostapd_drv_sta_remove(hapd, sta->addr);
2257 sta->added_unassoc = 0;
2258 }
2259
2260 return -1;
2261 }
2262
2263 sta->added_unassoc = 0;
2264
2265 return 0;
2266 }
2267
2268
2269 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
2270 const u8 *addr, u16 status_code, int reassoc,
2271 const u8 *ies, size_t ies_len)
2272 {
2273 int send_len;
2274 u8 *buf;
2275 size_t buflen;
2276 struct ieee80211_mgmt *reply;
2277 u8 *p;
2278 u16 res = WLAN_STATUS_SUCCESS;
2279
2280 buflen = sizeof(struct ieee80211_mgmt) + 1024;
2281 #ifdef CONFIG_FILS
2282 if (sta && sta->fils_hlp_resp)
2283 buflen += wpabuf_len(sta->fils_hlp_resp);
2284 #endif /* CONFIG_FILS */
2285 buf = os_zalloc(buflen);
2286 if (!buf) {
2287 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2288 goto done;
2289 }
2290 reply = (struct ieee80211_mgmt *) buf;
2291 reply->frame_control =
2292 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2293 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
2294 WLAN_FC_STYPE_ASSOC_RESP));
2295 os_memcpy(reply->da, addr, ETH_ALEN);
2296 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
2297 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
2298
2299 send_len = IEEE80211_HDRLEN;
2300 send_len += sizeof(reply->u.assoc_resp);
2301 reply->u.assoc_resp.capab_info =
2302 host_to_le16(hostapd_own_capab_info(hapd));
2303 reply->u.assoc_resp.status_code = host_to_le16(status_code);
2304
2305 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
2306 BIT(14) | BIT(15));
2307 /* Supported rates */
2308 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
2309 /* Extended supported rates */
2310 p = hostapd_eid_ext_supp_rates(hapd, p);
2311
2312 #ifdef CONFIG_IEEE80211R_AP
2313 if (sta && status_code == WLAN_STATUS_SUCCESS) {
2314 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
2315 * Transition Information, RSN, [RIC Response] */
2316 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
2317 buf + buflen - p,
2318 sta->auth_alg, ies, ies_len);
2319 }
2320 #endif /* CONFIG_IEEE80211R_AP */
2321
2322 #ifdef CONFIG_IEEE80211W
2323 if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
2324 p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
2325 #endif /* CONFIG_IEEE80211W */
2326
2327 #ifdef CONFIG_IEEE80211N
2328 p = hostapd_eid_ht_capabilities(hapd, p);
2329 p = hostapd_eid_ht_operation(hapd, p);
2330 #endif /* CONFIG_IEEE80211N */
2331
2332 #ifdef CONFIG_IEEE80211AC
2333 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
2334 u32 nsts = 0, sta_nsts;
2335
2336 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
2337 struct ieee80211_vht_capabilities *capa;
2338
2339 nsts = (hapd->iface->conf->vht_capab >>
2340 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2341 capa = sta->vht_capabilities;
2342 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
2343 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2344
2345 if (nsts < sta_nsts)
2346 nsts = 0;
2347 else
2348 nsts = sta_nsts;
2349 }
2350 p = hostapd_eid_vht_capabilities(hapd, p, nsts);
2351 p = hostapd_eid_vht_operation(hapd, p);
2352 }
2353 #endif /* CONFIG_IEEE80211AC */
2354
2355 p = hostapd_eid_ext_capab(hapd, p);
2356 p = hostapd_eid_bss_max_idle_period(hapd, p);
2357 if (sta && sta->qos_map_enabled)
2358 p = hostapd_eid_qos_map_set(hapd, p);
2359
2360 #ifdef CONFIG_FST
2361 if (hapd->iface->fst_ies) {
2362 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
2363 wpabuf_len(hapd->iface->fst_ies));
2364 p += wpabuf_len(hapd->iface->fst_ies);
2365 }
2366 #endif /* CONFIG_FST */
2367
2368 #ifdef CONFIG_IEEE80211AC
2369 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
2370 p = hostapd_eid_vendor_vht(hapd, p);
2371 #endif /* CONFIG_IEEE80211AC */
2372
2373 if (sta && (sta->flags & WLAN_STA_WMM))
2374 p = hostapd_eid_wmm(hapd, p);
2375
2376 #ifdef CONFIG_WPS
2377 if (sta &&
2378 ((sta->flags & WLAN_STA_WPS) ||
2379 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
2380 struct wpabuf *wps = wps_build_assoc_resp_ie();
2381 if (wps) {
2382 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
2383 p += wpabuf_len(wps);
2384 wpabuf_free(wps);
2385 }
2386 }
2387 #endif /* CONFIG_WPS */
2388
2389 #ifdef CONFIG_P2P
2390 if (sta && sta->p2p_ie && hapd->p2p_group) {
2391 struct wpabuf *p2p_resp_ie;
2392 enum p2p_status_code status;
2393 switch (status_code) {
2394 case WLAN_STATUS_SUCCESS:
2395 status = P2P_SC_SUCCESS;
2396 break;
2397 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
2398 status = P2P_SC_FAIL_LIMIT_REACHED;
2399 break;
2400 default:
2401 status = P2P_SC_FAIL_INVALID_PARAMS;
2402 break;
2403 }
2404 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
2405 if (p2p_resp_ie) {
2406 os_memcpy(p, wpabuf_head(p2p_resp_ie),
2407 wpabuf_len(p2p_resp_ie));
2408 p += wpabuf_len(p2p_resp_ie);
2409 wpabuf_free(p2p_resp_ie);
2410 }
2411 }
2412 #endif /* CONFIG_P2P */
2413
2414 #ifdef CONFIG_P2P_MANAGER
2415 if (hapd->conf->p2p & P2P_MANAGE)
2416 p = hostapd_eid_p2p_manage(hapd, p);
2417 #endif /* CONFIG_P2P_MANAGER */
2418
2419 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
2420
2421 if (hapd->conf->assocresp_elements &&
2422 (size_t) (buf + buflen - p) >=
2423 wpabuf_len(hapd->conf->assocresp_elements)) {
2424 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
2425 wpabuf_len(hapd->conf->assocresp_elements));
2426 p += wpabuf_len(hapd->conf->assocresp_elements);
2427 }
2428
2429 send_len += p - reply->u.assoc_resp.variable;
2430
2431 #ifdef CONFIG_FILS
2432 if (sta &&
2433 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2434 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2435 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
2436 status_code == WLAN_STATUS_SUCCESS) {
2437 struct ieee802_11_elems elems;
2438
2439 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
2440 ParseFailed || !elems.fils_session) {
2441 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2442 goto done;
2443 }
2444
2445 /* FILS Session */
2446 *p++ = WLAN_EID_EXTENSION; /* Element ID */
2447 *p++ = 1 + FILS_SESSION_LEN; /* Length */
2448 *p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2449 os_memcpy(p, elems.fils_session, FILS_SESSION_LEN);
2450 send_len += 2 + 1 + FILS_SESSION_LEN;
2451
2452 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
2453 buflen, sta->fils_hlp_resp);
2454 if (send_len < 0) {
2455 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2456 goto done;
2457 }
2458 }
2459 #endif /* CONFIG_FILS */
2460
2461 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) {
2462 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
2463 strerror(errno));
2464 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2465 }
2466
2467 done:
2468 os_free(buf);
2469 return res;
2470 }
2471
2472
2473 #ifdef CONFIG_FILS
2474
2475 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
2476 {
2477 u16 reply_res;
2478
2479 wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR,
2480 MAC2STR(sta->addr));
2481 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
2482 if (!sta->fils_pending_assoc_req)
2483 return;
2484 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
2485 sta->fils_pending_assoc_is_reassoc,
2486 sta->fils_pending_assoc_req,
2487 sta->fils_pending_assoc_req_len);
2488 os_free(sta->fils_pending_assoc_req);
2489 sta->fils_pending_assoc_req = NULL;
2490 sta->fils_pending_assoc_req_len = 0;
2491 wpabuf_free(sta->fils_hlp_resp);
2492 sta->fils_hlp_resp = NULL;
2493 wpabuf_free(sta->hlp_dhcp_discover);
2494 sta->hlp_dhcp_discover = NULL;
2495
2496 /*
2497 * Remove the station in case tranmission of a success response fails
2498 * (the STA was added associated to the driver) or if the station was
2499 * previously added unassociated.
2500 */
2501 if (reply_res != WLAN_STATUS_SUCCESS || sta->added_unassoc) {
2502 hostapd_drv_sta_remove(hapd, sta->addr);
2503 sta->added_unassoc = 0;
2504 }
2505 }
2506
2507
2508 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data)
2509 {
2510 struct hostapd_data *hapd = eloop_ctx;
2511 struct sta_info *sta = eloop_data;
2512
2513 wpa_printf(MSG_DEBUG,
2514 "FILS: HLP response timeout - continue with association response for "
2515 MACSTR, MAC2STR(sta->addr));
2516 fils_hlp_finish_assoc(hapd, sta);
2517 }
2518
2519 #endif /* CONFIG_FILS */
2520
2521
2522 static void handle_assoc(struct hostapd_data *hapd,
2523 const struct ieee80211_mgmt *mgmt, size_t len,
2524 int reassoc)
2525 {
2526 u16 capab_info, listen_interval, seq_ctrl, fc;
2527 u16 resp = WLAN_STATUS_SUCCESS, reply_res;
2528 const u8 *pos;
2529 int left, i;
2530 struct sta_info *sta;
2531 u8 *tmp = NULL;
2532 struct hostapd_sta_wpa_psk_short *psk = NULL;
2533 char *identity = NULL;
2534 char *radius_cui = NULL;
2535 #ifdef CONFIG_FILS
2536 int delay_assoc = 0;
2537 #endif /* CONFIG_FILS */
2538
2539 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
2540 sizeof(mgmt->u.assoc_req))) {
2541 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
2542 reassoc, (unsigned long) len);
2543 return;
2544 }
2545
2546 #ifdef CONFIG_TESTING_OPTIONS
2547 if (reassoc) {
2548 if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
2549 drand48() < hapd->iconf->ignore_reassoc_probability) {
2550 wpa_printf(MSG_INFO,
2551 "TESTING: ignoring reassoc request from "
2552 MACSTR, MAC2STR(mgmt->sa));
2553 return;
2554 }
2555 } else {
2556 if (hapd->iconf->ignore_assoc_probability > 0.0 &&
2557 drand48() < hapd->iconf->ignore_assoc_probability) {
2558 wpa_printf(MSG_INFO,
2559 "TESTING: ignoring assoc request from "
2560 MACSTR, MAC2STR(mgmt->sa));
2561 return;
2562 }
2563 }
2564 #endif /* CONFIG_TESTING_OPTIONS */
2565
2566 fc = le_to_host16(mgmt->frame_control);
2567 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
2568
2569 if (reassoc) {
2570 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
2571 listen_interval = le_to_host16(
2572 mgmt->u.reassoc_req.listen_interval);
2573 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
2574 " capab_info=0x%02x listen_interval=%d current_ap="
2575 MACSTR " seq_ctrl=0x%x%s",
2576 MAC2STR(mgmt->sa), capab_info, listen_interval,
2577 MAC2STR(mgmt->u.reassoc_req.current_ap),
2578 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
2579 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
2580 pos = mgmt->u.reassoc_req.variable;
2581 } else {
2582 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
2583 listen_interval = le_to_host16(
2584 mgmt->u.assoc_req.listen_interval);
2585 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
2586 " capab_info=0x%02x listen_interval=%d "
2587 "seq_ctrl=0x%x%s",
2588 MAC2STR(mgmt->sa), capab_info, listen_interval,
2589 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
2590 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
2591 pos = mgmt->u.assoc_req.variable;
2592 }
2593
2594 sta = ap_get_sta(hapd, mgmt->sa);
2595 #ifdef CONFIG_IEEE80211R_AP
2596 if (sta && sta->auth_alg == WLAN_AUTH_FT &&
2597 (sta->flags & WLAN_STA_AUTH) == 0) {
2598 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
2599 "prior to authentication since it is using "
2600 "over-the-DS FT", MAC2STR(mgmt->sa));
2601
2602 /*
2603 * Mark station as authenticated, to avoid adding station
2604 * entry in the driver as associated and not authenticated
2605 */
2606 sta->flags |= WLAN_STA_AUTH;
2607 } else
2608 #endif /* CONFIG_IEEE80211R_AP */
2609 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
2610 if (hapd->iface->current_mode &&
2611 hapd->iface->current_mode->mode ==
2612 HOSTAPD_MODE_IEEE80211AD) {
2613 int acl_res;
2614 u32 session_timeout, acct_interim_interval;
2615 struct vlan_description vlan_id;
2616
2617 acl_res = ieee802_11_allowed_address(
2618 hapd, mgmt->sa, (const u8 *) mgmt, len,
2619 &session_timeout, &acct_interim_interval,
2620 &vlan_id, &psk, &identity, &radius_cui);
2621 if (acl_res == HOSTAPD_ACL_REJECT) {
2622 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2623 goto fail;
2624 }
2625 if (acl_res == HOSTAPD_ACL_PENDING)
2626 return;
2627
2628 /* DMG/IEEE 802.11ad does not use authentication.
2629 * Allocate sta entry upon association. */
2630 sta = ap_sta_add(hapd, mgmt->sa);
2631 if (!sta) {
2632 hostapd_logger(hapd, mgmt->sa,
2633 HOSTAPD_MODULE_IEEE80211,
2634 HOSTAPD_LEVEL_INFO,
2635 "Failed to add STA");
2636 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2637 goto fail;
2638 }
2639
2640 acl_res = ieee802_11_set_radius_info(
2641 hapd, sta, acl_res, session_timeout,
2642 acct_interim_interval, &vlan_id, &psk,
2643 &identity, &radius_cui);
2644 if (acl_res) {
2645 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2646 goto fail;
2647 }
2648
2649 hostapd_logger(hapd, sta->addr,
2650 HOSTAPD_MODULE_IEEE80211,
2651 HOSTAPD_LEVEL_DEBUG,
2652 "Skip authentication for DMG/IEEE 802.11ad");
2653 sta->flags |= WLAN_STA_AUTH;
2654 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
2655 sta->auth_alg = WLAN_AUTH_OPEN;
2656 } else {
2657 hostapd_logger(hapd, mgmt->sa,
2658 HOSTAPD_MODULE_IEEE80211,
2659 HOSTAPD_LEVEL_INFO,
2660 "Station tried to associate before authentication (aid=%d flags=0x%x)",
2661 sta ? sta->aid : -1,
2662 sta ? sta->flags : 0);
2663 send_deauth(hapd, mgmt->sa,
2664 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
2665 return;
2666 }
2667 }
2668
2669 if ((fc & WLAN_FC_RETRY) &&
2670 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
2671 sta->last_seq_ctrl == seq_ctrl &&
2672 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
2673 WLAN_FC_STYPE_ASSOC_REQ)) {
2674 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2675 HOSTAPD_LEVEL_DEBUG,
2676 "Drop repeated association frame seq_ctrl=0x%x",
2677 seq_ctrl);
2678 return;
2679 }
2680 sta->last_seq_ctrl = seq_ctrl;
2681 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
2682 WLAN_FC_STYPE_ASSOC_REQ;
2683
2684 if (hapd->tkip_countermeasures) {
2685 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
2686 goto fail;
2687 }
2688
2689 if (listen_interval > hapd->conf->max_listen_interval) {
2690 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
2691 HOSTAPD_LEVEL_DEBUG,
2692 "Too large Listen Interval (%d)",
2693 listen_interval);
2694 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
2695 goto fail;
2696 }
2697
2698 #ifdef CONFIG_MBO
2699 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
2700 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2701 goto fail;
2702 }
2703 #endif /* CONFIG_MBO */
2704
2705 /*
2706 * sta->capability is used in check_assoc_ies() for RRM enabled
2707 * capability element.
2708 */
2709 sta->capability = capab_info;
2710
2711 #ifdef CONFIG_FILS
2712 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2713 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2714 sta->auth_alg == WLAN_AUTH_FILS_PK) {
2715 /* The end of the payload is encrypted. Need to decrypt it
2716 * before parsing. */
2717
2718 tmp = os_malloc(left);
2719 if (!tmp) {
2720 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2721 goto fail;
2722 }
2723 os_memcpy(tmp, pos, left);
2724
2725 left = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
2726 len, tmp, left);
2727 if (left < 0) {
2728 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2729 goto fail;
2730 }
2731 pos = tmp;
2732 }
2733 #endif /* CONFIG_FILS */
2734
2735 /* followed by SSID and Supported rates; and HT capabilities if 802.11n
2736 * is used */
2737 resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
2738 if (resp != WLAN_STATUS_SUCCESS)
2739 goto fail;
2740
2741 if (hostapd_get_aid(hapd, sta) < 0) {
2742 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
2743 HOSTAPD_LEVEL_INFO, "No room for more AIDs");
2744 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2745 goto fail;
2746 }
2747
2748 sta->listen_interval = listen_interval;
2749
2750 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
2751 sta->flags |= WLAN_STA_NONERP;
2752 for (i = 0; i < sta->supported_rates_len; i++) {
2753 if ((sta->supported_rates[i] & 0x7f) > 22) {
2754 sta->flags &= ~WLAN_STA_NONERP;
2755 break;
2756 }
2757 }
2758 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
2759 sta->nonerp_set = 1;
2760 hapd->iface->num_sta_non_erp++;
2761 if (hapd->iface->num_sta_non_erp == 1)
2762 ieee802_11_set_beacons(hapd->iface);
2763 }
2764
2765 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
2766 !sta->no_short_slot_time_set) {
2767 sta->no_short_slot_time_set = 1;
2768 hapd->iface->num_sta_no_short_slot_time++;
2769 if (hapd->iface->current_mode->mode ==
2770 HOSTAPD_MODE_IEEE80211G &&
2771 hapd->iface->num_sta_no_short_slot_time == 1)
2772 ieee802_11_set_beacons(hapd->iface);
2773 }
2774
2775 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
2776 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
2777 else
2778 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
2779
2780 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
2781 !sta->no_short_preamble_set) {
2782 sta->no_short_preamble_set = 1;
2783 hapd->iface->num_sta_no_short_preamble++;
2784 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
2785 && hapd->iface->num_sta_no_short_preamble == 1)
2786 ieee802_11_set_beacons(hapd->iface);
2787 }
2788
2789 #ifdef CONFIG_IEEE80211N
2790 update_ht_state(hapd, sta);
2791 #endif /* CONFIG_IEEE80211N */
2792
2793 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2794 HOSTAPD_LEVEL_DEBUG,
2795 "association OK (aid %d)", sta->aid);
2796 /* Station will be marked associated, after it acknowledges AssocResp
2797 */
2798 sta->flags |= WLAN_STA_ASSOC_REQ_OK;
2799
2800 #ifdef CONFIG_IEEE80211W
2801 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
2802 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
2803 "SA Query procedure", reassoc ? "re" : "");
2804 /* TODO: Send a protected Disassociate frame to the STA using
2805 * the old key and Reason Code "Previous Authentication no
2806 * longer valid". Make sure this is only sent protected since
2807 * unprotected frame would be received by the STA that is now
2808 * trying to associate.
2809 */
2810 }
2811 #endif /* CONFIG_IEEE80211W */
2812
2813 /* Make sure that the previously registered inactivity timer will not
2814 * remove the STA immediately. */
2815 sta->timeout_next = STA_NULLFUNC;
2816
2817 #ifdef CONFIG_TAXONOMY
2818 taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
2819 #endif /* CONFIG_TAXONOMY */
2820
2821 sta->pending_wds_enable = 0;
2822
2823 #ifdef CONFIG_FILS
2824 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2825 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2826 sta->auth_alg == WLAN_AUTH_FILS_PK) {
2827 if (fils_process_hlp(hapd, sta, pos, left) > 0)
2828 delay_assoc = 1;
2829 }
2830 #endif /* CONFIG_FILS */
2831
2832 fail:
2833 os_free(identity);
2834 os_free(radius_cui);
2835 hostapd_free_psk_list(psk);
2836
2837 /*
2838 * In case of a successful response, add the station to the driver.
2839 * Otherwise, the kernel may ignore Data frames before we process the
2840 * ACK frame (TX status). In case of a failure, this station will be
2841 * removed.
2842 *
2843 * Note that this is not compliant with the IEEE 802.11 standard that
2844 * states that a non-AP station should transition into the
2845 * authenticated/associated state only after the station acknowledges
2846 * the (Re)Association Response frame. However, still do this as:
2847 *
2848 * 1. In case the station does not acknowledge the (Re)Association
2849 * Response frame, it will be removed.
2850 * 2. Data frames will be dropped in the kernel until the station is
2851 * set into authorized state, and there are no significant known
2852 * issues with processing other non-Data Class 3 frames during this
2853 * window.
2854 */
2855 if (resp == WLAN_STATUS_SUCCESS && sta && add_associated_sta(hapd, sta))
2856 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2857
2858 #ifdef CONFIG_FILS
2859 if (sta) {
2860 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
2861 os_free(sta->fils_pending_assoc_req);
2862 sta->fils_pending_assoc_req = NULL;
2863 sta->fils_pending_assoc_req_len = 0;
2864 wpabuf_free(sta->fils_hlp_resp);
2865 sta->fils_hlp_resp = NULL;
2866 }
2867 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) {
2868 sta->fils_pending_assoc_req = tmp;
2869 sta->fils_pending_assoc_req_len = left;
2870 sta->fils_pending_assoc_is_reassoc = reassoc;
2871 wpa_printf(MSG_DEBUG,
2872 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
2873 MACSTR, MAC2STR(sta->addr));
2874 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
2875 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
2876 fils_hlp_timeout, hapd, sta);
2877 return;
2878 }
2879 #endif /* CONFIG_FILS */
2880
2881 reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
2882 left);
2883 os_free(tmp);
2884
2885 /*
2886 * Remove the station in case tranmission of a success response fails
2887 * (the STA was added associated to the driver) or if the station was
2888 * previously added unassociated.
2889 */
2890 if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
2891 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
2892 hostapd_drv_sta_remove(hapd, sta->addr);
2893 sta->added_unassoc = 0;
2894 }
2895 }
2896
2897
2898 static void handle_disassoc(struct hostapd_data *hapd,
2899 const struct ieee80211_mgmt *mgmt, size_t len)
2900 {
2901 struct sta_info *sta;
2902
2903 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
2904 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)",
2905 (unsigned long) len);
2906 return;
2907 }
2908
2909 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
2910 MAC2STR(mgmt->sa),
2911 le_to_host16(mgmt->u.disassoc.reason_code));
2912
2913 sta = ap_get_sta(hapd, mgmt->sa);
2914 if (sta == NULL) {
2915 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated",
2916 MAC2STR(mgmt->sa));
2917 return;
2918 }
2919
2920 ap_sta_set_authorized(hapd, sta, 0);
2921 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
2922 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
2923 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
2924 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2925 HOSTAPD_LEVEL_INFO, "disassociated");
2926 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
2927 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
2928 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
2929 * authenticated. */
2930 accounting_sta_stop(hapd, sta);
2931 ieee802_1x_free_station(hapd, sta);
2932 if (sta->ipaddr)
2933 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
2934 ap_sta_ip6addr_del(hapd, sta);
2935 hostapd_drv_sta_remove(hapd, sta->addr);
2936 sta->added_unassoc = 0;
2937
2938 if (sta->timeout_next == STA_NULLFUNC ||
2939 sta->timeout_next == STA_DISASSOC) {
2940 sta->timeout_next = STA_DEAUTH;
2941 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
2942 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
2943 hapd, sta);
2944 }
2945
2946 mlme_disassociate_indication(
2947 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
2948
2949 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
2950 * disassociation. */
2951 if (hapd->iface->current_mode &&
2952 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
2953 sta->flags &= ~WLAN_STA_AUTH;
2954 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
2955 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2956 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
2957 ap_free_sta(hapd, sta);
2958 }
2959 }
2960
2961
2962 static void handle_deauth(struct hostapd_data *hapd,
2963 const struct ieee80211_mgmt *mgmt, size_t len)
2964 {
2965 struct sta_info *sta;
2966
2967 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
2968 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short "
2969 "payload (len=%lu)", (unsigned long) len);
2970 return;
2971 }
2972
2973 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR
2974 " reason_code=%d",
2975 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
2976
2977 sta = ap_get_sta(hapd, mgmt->sa);
2978 if (sta == NULL) {
2979 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
2980 "to deauthenticate, but it is not authenticated",
2981 MAC2STR(mgmt->sa));
2982 return;
2983 }
2984
2985 ap_sta_set_authorized(hapd, sta, 0);
2986 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
2987 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
2988 WLAN_STA_ASSOC_REQ_OK);
2989 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
2990 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2991 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
2992 mlme_deauthenticate_indication(
2993 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
2994 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
2995 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
2996 ap_free_sta(hapd, sta);
2997 }
2998
2999
3000 static void handle_beacon(struct hostapd_data *hapd,
3001 const struct ieee80211_mgmt *mgmt, size_t len,
3002 struct hostapd_frame_info *fi)
3003 {
3004 struct ieee802_11_elems elems;
3005
3006 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
3007 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
3008 (unsigned long) len);
3009 return;
3010 }
3011
3012 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
3013 len - (IEEE80211_HDRLEN +
3014 sizeof(mgmt->u.beacon)), &elems,
3015 0);
3016
3017 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
3018 }
3019
3020
3021 #ifdef CONFIG_IEEE80211W
3022
3023 static int hostapd_sa_query_action(struct hostapd_data *hapd,
3024 const struct ieee80211_mgmt *mgmt,
3025 size_t len)
3026 {
3027 const u8 *end;
3028
3029 end = mgmt->u.action.u.sa_query_resp.trans_id +
3030 WLAN_SA_QUERY_TR_ID_LEN;
3031 if (((u8 *) mgmt) + len < end) {
3032 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
3033 "frame (len=%lu)", (unsigned long) len);
3034 return 0;
3035 }
3036
3037 ieee802_11_sa_query_action(hapd, mgmt->sa,
3038 mgmt->u.action.u.sa_query_resp.action,
3039 mgmt->u.action.u.sa_query_resp.trans_id);
3040 return 1;
3041 }
3042
3043
3044 static int robust_action_frame(u8 category)
3045 {
3046 return category != WLAN_ACTION_PUBLIC &&
3047 category != WLAN_ACTION_HT;
3048 }
3049 #endif /* CONFIG_IEEE80211W */
3050
3051
3052 static int handle_action(struct hostapd_data *hapd,
3053 const struct ieee80211_mgmt *mgmt, size_t len)
3054 {
3055 struct sta_info *sta;
3056 sta = ap_get_sta(hapd, mgmt->sa);
3057
3058 if (len < IEEE80211_HDRLEN + 1) {
3059 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3060 HOSTAPD_LEVEL_DEBUG,
3061 "handle_action - too short payload (len=%lu)",
3062 (unsigned long) len);
3063 return 0;
3064 }
3065
3066 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
3067 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
3068 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
3069 "frame (category=%u) from unassociated STA " MACSTR,
3070 mgmt->u.action.category, MAC2STR(mgmt->sa));
3071 return 0;
3072 }
3073
3074 #ifdef CONFIG_IEEE80211W
3075 if (sta && (sta->flags & WLAN_STA_MFP) &&
3076 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
3077 robust_action_frame(mgmt->u.action.category)) {
3078 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3079 HOSTAPD_LEVEL_DEBUG,
3080 "Dropped unprotected Robust Action frame from "
3081 "an MFP STA");
3082 return 0;
3083 }
3084 #endif /* CONFIG_IEEE80211W */
3085
3086 if (sta) {
3087 u16 fc = le_to_host16(mgmt->frame_control);
3088 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3089
3090 if ((fc & WLAN_FC_RETRY) &&
3091 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3092 sta->last_seq_ctrl == seq_ctrl &&
3093 sta->last_subtype == WLAN_FC_STYPE_ACTION) {
3094 hostapd_logger(hapd, sta->addr,
3095 HOSTAPD_MODULE_IEEE80211,
3096 HOSTAPD_LEVEL_DEBUG,
3097 "Drop repeated action frame seq_ctrl=0x%x",
3098 seq_ctrl);
3099 return 1;
3100 }
3101
3102 sta->last_seq_ctrl = seq_ctrl;
3103 sta->last_subtype = WLAN_FC_STYPE_ACTION;
3104 }
3105
3106 switch (mgmt->u.action.category) {
3107 #ifdef CONFIG_IEEE80211R_AP
3108 case WLAN_ACTION_FT:
3109 if (!sta ||
3110 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
3111 len - IEEE80211_HDRLEN))
3112 break;
3113 return 1;
3114 #endif /* CONFIG_IEEE80211R_AP */
3115 case WLAN_ACTION_WMM:
3116 hostapd_wmm_action(hapd, mgmt, len);
3117 return 1;
3118 #ifdef CONFIG_IEEE80211W
3119 case WLAN_ACTION_SA_QUERY:
3120 return hostapd_sa_query_action(hapd, mgmt, len);
3121 #endif /* CONFIG_IEEE80211W */
3122 #ifdef CONFIG_WNM
3123 case WLAN_ACTION_WNM:
3124 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
3125 return 1;
3126 #endif /* CONFIG_WNM */
3127 #ifdef CONFIG_FST
3128 case WLAN_ACTION_FST:
3129 if (hapd->iface->fst)
3130 fst_rx_action(hapd->iface->fst, mgmt, len);
3131 else
3132 wpa_printf(MSG_DEBUG,
3133 "FST: Ignore FST Action frame - no FST attached");
3134 return 1;
3135 #endif /* CONFIG_FST */
3136 case WLAN_ACTION_PUBLIC:
3137 case WLAN_ACTION_PROTECTED_DUAL:
3138 #ifdef CONFIG_IEEE80211N
3139 if (len >= IEEE80211_HDRLEN + 2 &&
3140 mgmt->u.action.u.public_action.action ==
3141 WLAN_PA_20_40_BSS_COEX) {
3142 wpa_printf(MSG_DEBUG,
3143 "HT20/40 coex mgmt frame received from STA "
3144 MACSTR, MAC2STR(mgmt->sa));
3145 hostapd_2040_coex_action(hapd, mgmt, len);
3146 }
3147 #endif /* CONFIG_IEEE80211N */
3148 if (hapd->public_action_cb) {
3149 hapd->public_action_cb(hapd->public_action_cb_ctx,
3150 (u8 *) mgmt, len,
3151 hapd->iface->freq);
3152 }
3153 if (hapd->public_action_cb2) {
3154 hapd->public_action_cb2(hapd->public_action_cb2_ctx,
3155 (u8 *) mgmt, len,
3156 hapd->iface->freq);
3157 }
3158 if (hapd->public_action_cb || hapd->public_action_cb2)
3159 return 1;
3160 break;
3161 case WLAN_ACTION_VENDOR_SPECIFIC:
3162 if (hapd->vendor_action_cb) {
3163 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
3164 (u8 *) mgmt, len,
3165 hapd->iface->freq) == 0)
3166 return 1;
3167 }
3168 break;
3169 case WLAN_ACTION_RADIO_MEASUREMENT:
3170 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len);
3171 return 1;
3172 }
3173
3174 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3175 HOSTAPD_LEVEL_DEBUG,
3176 "handle_action - unknown action category %d or invalid "
3177 "frame",
3178 mgmt->u.action.category);
3179 if (!is_multicast_ether_addr(mgmt->da) &&
3180 !(mgmt->u.action.category & 0x80) &&
3181 !is_multicast_ether_addr(mgmt->sa)) {
3182 struct ieee80211_mgmt *resp;
3183
3184 /*
3185 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
3186 * Return the Action frame to the source without change
3187 * except that MSB of the Category set to 1.
3188 */
3189 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
3190 "frame back to sender");
3191 resp = os_malloc(len);
3192 if (resp == NULL)
3193 return 0;
3194 os_memcpy(resp, mgmt, len);
3195 os_memcpy(resp->da, resp->sa, ETH_ALEN);
3196 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
3197 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
3198 resp->u.action.category |= 0x80;
3199
3200 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) {
3201 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
3202 "Action frame");
3203 }
3204 os_free(resp);
3205 }
3206
3207 return 1;
3208 }
3209
3210
3211 /**
3212 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
3213 * @hapd: hostapd BSS data structure (the BSS to which the management frame was
3214 * sent to)
3215 * @buf: management frame data (starting from IEEE 802.11 header)
3216 * @len: length of frame data in octets
3217 * @fi: meta data about received frame (signal level, etc.)
3218 *
3219 * Process all incoming IEEE 802.11 management frames. This will be called for
3220 * each frame received from the kernel driver through wlan#ap interface. In
3221 * addition, it can be called to re-inserted pending frames (e.g., when using
3222 * external RADIUS server as an MAC ACL).
3223 */
3224 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
3225 struct hostapd_frame_info *fi)
3226 {
3227 struct ieee80211_mgmt *mgmt;
3228 u16 fc, stype;
3229 int ret = 0;
3230
3231 if (len < 24)
3232 return 0;
3233
3234 mgmt = (struct ieee80211_mgmt *) buf;
3235 fc = le_to_host16(mgmt->frame_control);
3236 stype = WLAN_FC_GET_STYPE(fc);
3237
3238 if (stype == WLAN_FC_STYPE_BEACON) {
3239 handle_beacon(hapd, mgmt, len, fi);
3240 return 1;
3241 }
3242
3243 if (!is_broadcast_ether_addr(mgmt->bssid) &&
3244 #ifdef CONFIG_P2P
3245 /* Invitation responses can be sent with the peer MAC as BSSID */
3246 !((hapd->conf->p2p & P2P_GROUP_OWNER) &&
3247 stype == WLAN_FC_STYPE_ACTION) &&
3248 #endif /* CONFIG_P2P */
3249 #ifdef CONFIG_MESH
3250 !(hapd->conf->mesh & MESH_ENABLED) &&
3251 #endif /* CONFIG_MESH */
3252 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
3253 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
3254 MAC2STR(mgmt->bssid));
3255 return 0;
3256 }
3257
3258
3259 if (stype == WLAN_FC_STYPE_PROBE_REQ) {
3260 handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
3261 return 1;
3262 }
3263
3264 if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
3265 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3266 HOSTAPD_LEVEL_DEBUG,
3267 "MGMT: DA=" MACSTR " not our address",
3268 MAC2STR(mgmt->da));
3269 return 0;
3270 }
3271
3272 if (hapd->iconf->track_sta_max_num)
3273 sta_track_add(hapd->iface, mgmt->sa, fi->ssi_signal);
3274
3275 switch (stype) {
3276 case WLAN_FC_STYPE_AUTH:
3277 wpa_printf(MSG_DEBUG, "mgmt::auth");
3278 handle_auth(hapd, mgmt, len);
3279 ret = 1;
3280 break;
3281 case WLAN_FC_STYPE_ASSOC_REQ:
3282 wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
3283 handle_assoc(hapd, mgmt, len, 0);
3284 ret = 1;
3285 break;
3286 case WLAN_FC_STYPE_REASSOC_REQ:
3287 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
3288 handle_assoc(hapd, mgmt, len, 1);
3289 ret = 1;
3290 break;
3291 case WLAN_FC_STYPE_DISASSOC:
3292 wpa_printf(MSG_DEBUG, "mgmt::disassoc");
3293 handle_disassoc(hapd, mgmt, len);
3294 ret = 1;
3295 break;
3296 case WLAN_FC_STYPE_DEAUTH:
3297 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
3298 handle_deauth(hapd, mgmt, len);
3299 ret = 1;
3300 break;
3301 case WLAN_FC_STYPE_ACTION:
3302 wpa_printf(MSG_DEBUG, "mgmt::action");
3303 ret = handle_action(hapd, mgmt, len);
3304 break;
3305 default:
3306 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3307 HOSTAPD_LEVEL_DEBUG,
3308 "unknown mgmt frame subtype %d", stype);
3309 break;
3310 }
3311
3312 return ret;
3313 }
3314
3315
3316 static void handle_auth_cb(struct hostapd_data *hapd,
3317 const struct ieee80211_mgmt *mgmt,
3318 size_t len, int ok)
3319 {
3320 u16 auth_alg, auth_transaction, status_code;
3321 struct sta_info *sta;
3322
3323 sta = ap_get_sta(hapd, mgmt->da);
3324 if (!sta) {
3325 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
3326 MAC2STR(mgmt->da));
3327 return;
3328 }
3329
3330 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3331 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
3332 status_code = le_to_host16(mgmt->u.auth.status_code);
3333
3334 if (!ok) {
3335 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
3336 HOSTAPD_LEVEL_NOTICE,
3337 "did not acknowledge authentication response");
3338 goto fail;
3339 }
3340
3341 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
3342 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
3343 (unsigned long) len);
3344 goto fail;
3345 }
3346
3347 if (status_code == WLAN_STATUS_SUCCESS &&
3348 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
3349 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
3350 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3351 HOSTAPD_LEVEL_INFO, "authenticated");
3352 sta->flags |= WLAN_STA_AUTH;
3353 if (sta->added_unassoc)
3354 hostapd_set_sta_flags(hapd, sta);
3355 return;
3356 }
3357
3358 fail:
3359 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) {
3360 hostapd_drv_sta_remove(hapd, sta->addr);
3361 sta->added_unassoc = 0;
3362 }
3363 }
3364
3365
3366 static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
3367 struct sta_info *sta,
3368 char *ifname_wds)
3369 {
3370 int i;
3371 struct hostapd_ssid *ssid = &hapd->conf->ssid;
3372
3373 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
3374 return;
3375
3376 for (i = 0; i < 4; i++) {
3377 if (ssid->wep.key[i] &&
3378 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
3379 i == ssid->wep.idx, NULL, 0,
3380 ssid->wep.key[i], ssid->wep.len[i])) {
3381 wpa_printf(MSG_WARNING,
3382 "Could not set WEP keys for WDS interface; %s",
3383 ifname_wds);
3384 break;
3385 }
3386 }
3387 }
3388
3389
3390 static void handle_assoc_cb(struct hostapd_data *hapd,
3391 const struct ieee80211_mgmt *mgmt,
3392 size_t len, int reassoc, int ok)
3393 {
3394 u16 status;
3395 struct sta_info *sta;
3396 int new_assoc = 1;
3397
3398 sta = ap_get_sta(hapd, mgmt->da);
3399 if (!sta) {
3400 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
3401 MAC2STR(mgmt->da));
3402 return;
3403 }
3404
3405 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
3406 sizeof(mgmt->u.assoc_resp))) {
3407 wpa_printf(MSG_INFO,
3408 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
3409 reassoc, (unsigned long) len);
3410 hostapd_drv_sta_remove(hapd, sta->addr);
3411 return;
3412 }
3413
3414 if (reassoc)
3415 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
3416 else
3417 status = le_to_host16(mgmt->u.assoc_resp.status_code);
3418
3419 if (!ok) {
3420 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
3421 HOSTAPD_LEVEL_DEBUG,
3422 "did not acknowledge association response");
3423 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
3424 /* The STA is added only in case of SUCCESS */
3425 if (status == WLAN_STATUS_SUCCESS)
3426 hostapd_drv_sta_remove(hapd, sta->addr);
3427
3428 return;
3429 }
3430
3431 if (status != WLAN_STATUS_SUCCESS)
3432 return;
3433
3434 /* Stop previous accounting session, if one is started, and allocate
3435 * new session id for the new session. */
3436 accounting_sta_stop(hapd, sta);
3437
3438 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3439 HOSTAPD_LEVEL_INFO,
3440 "associated (aid %d)",
3441 sta->aid);
3442
3443 if (sta->flags & WLAN_STA_ASSOC)
3444 new_assoc = 0;
3445 sta->flags |= WLAN_STA_ASSOC;
3446 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
3447 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
3448 !hapd->conf->osen) ||
3449 sta->auth_alg == WLAN_AUTH_FILS_SK ||
3450 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3451 sta->auth_alg == WLAN_AUTH_FILS_PK ||
3452 sta->auth_alg == WLAN_AUTH_FT) {
3453 /*
3454 * Open, static WEP, FT protocol, or FILS; no separate
3455 * authorization step.
3456 */
3457 ap_sta_set_authorized(hapd, sta, 1);
3458 }
3459
3460 if (reassoc)
3461 mlme_reassociate_indication(hapd, sta);
3462 else
3463 mlme_associate_indication(hapd, sta);
3464
3465 #ifdef CONFIG_IEEE80211W
3466 sta->sa_query_timed_out = 0;
3467 #endif /* CONFIG_IEEE80211W */
3468
3469 if (sta->eapol_sm == NULL) {
3470 /*
3471 * This STA does not use RADIUS server for EAP authentication,
3472 * so bind it to the selected VLAN interface now, since the
3473 * interface selection is not going to change anymore.
3474 */
3475 if (ap_sta_bind_vlan(hapd, sta) < 0)
3476 return;
3477 } else if (sta->vlan_id) {
3478 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
3479 if (ap_sta_bind_vlan(hapd, sta) < 0)
3480 return;
3481 }
3482
3483 hostapd_set_sta_flags(hapd, sta);
3484
3485 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
3486 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
3487 MACSTR " based on pending request",
3488 MAC2STR(sta->addr));
3489 sta->pending_wds_enable = 0;
3490 sta->flags |= WLAN_STA_WDS;
3491 }
3492
3493 if (sta->flags & WLAN_STA_WDS) {
3494 int ret;
3495 char ifname_wds[IFNAMSIZ + 1];
3496
3497 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
3498 MACSTR " (aid %u)",
3499 MAC2STR(sta->addr), sta->aid);
3500 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
3501 sta->aid, 1);
3502 if (!ret)
3503 hostapd_set_wds_encryption(hapd, sta, ifname_wds);
3504 }
3505
3506 if (sta->auth_alg == WLAN_AUTH_FT)
3507 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
3508 else
3509 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
3510 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
3511 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
3512
3513 #ifdef CONFIG_FILS
3514 if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
3515 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3516 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
3517 fils_set_tk(sta->wpa_sm) < 0) {
3518 wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
3519 ap_sta_disconnect(hapd, sta, sta->addr,
3520 WLAN_REASON_UNSPECIFIED);
3521 return;
3522 }
3523 #endif /* CONFIG_FILS */
3524
3525 if (sta->pending_eapol_rx) {
3526 struct os_reltime now, age;
3527
3528 os_get_reltime(&now);
3529 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
3530 if (age.sec == 0 && age.usec < 200000) {
3531 wpa_printf(MSG_DEBUG,
3532 "Process pending EAPOL frame that was received from " MACSTR " just before association notification",
3533 MAC2STR(sta->addr));
3534 ieee802_1x_receive(
3535 hapd, mgmt->da,
3536 wpabuf_head(sta->pending_eapol_rx->buf),
3537 wpabuf_len(sta->pending_eapol_rx->buf));
3538 }
3539 wpabuf_free(sta->pending_eapol_rx->buf);
3540 os_free(sta->pending_eapol_rx);
3541 sta->pending_eapol_rx = NULL;
3542 }
3543 }
3544
3545
3546 static void handle_deauth_cb(struct hostapd_data *hapd,
3547 const struct ieee80211_mgmt *mgmt,
3548 size_t len, int ok)
3549 {
3550 struct sta_info *sta;
3551 if (is_multicast_ether_addr(mgmt->da))
3552 return;
3553 sta = ap_get_sta(hapd, mgmt->da);
3554 if (!sta) {
3555 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
3556 " not found", MAC2STR(mgmt->da));
3557 return;
3558 }
3559 if (ok)
3560 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
3561 MAC2STR(sta->addr));
3562 else
3563 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
3564 "deauth", MAC2STR(sta->addr));
3565
3566 ap_sta_deauth_cb(hapd, sta);
3567 }
3568
3569
3570 static void handle_disassoc_cb(struct hostapd_data *hapd,
3571 const struct ieee80211_mgmt *mgmt,
3572 size_t len, int ok)
3573 {
3574 struct sta_info *sta;
3575 if (is_multicast_ether_addr(mgmt->da))
3576 return;
3577 sta = ap_get_sta(hapd, mgmt->da);
3578 if (!sta) {
3579 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
3580 " not found", MAC2STR(mgmt->da));
3581 return;
3582 }
3583 if (ok)
3584 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
3585 MAC2STR(sta->addr));
3586 else
3587 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
3588 "disassoc", MAC2STR(sta->addr));
3589
3590 ap_sta_disassoc_cb(hapd, sta);
3591 }
3592
3593
3594 static void handle_action_cb(struct hostapd_data *hapd,
3595 const struct ieee80211_mgmt *mgmt,
3596 size_t len, int ok)
3597 {
3598 struct sta_info *sta;
3599 const struct rrm_measurement_report_element *report;
3600
3601 if (is_multicast_ether_addr(mgmt->da))
3602 return;
3603 sta = ap_get_sta(hapd, mgmt->da);
3604 if (!sta) {
3605 wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR
3606 " not found", MAC2STR(mgmt->da));
3607 return;
3608 }
3609
3610 if (len < 24 + 5 + sizeof(*report))
3611 return;
3612 report = (const struct rrm_measurement_report_element *)
3613 &mgmt->u.action.u.rrm.variable[2];
3614 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
3615 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
3616 report->eid == WLAN_EID_MEASURE_REQUEST &&
3617 report->len >= 3 &&
3618 report->type == MEASURE_TYPE_BEACON)
3619 hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok);
3620 }
3621
3622
3623 /**
3624 * ieee802_11_mgmt_cb - Process management frame TX status callback
3625 * @hapd: hostapd BSS data structure (the BSS from which the management frame
3626 * was sent from)
3627 * @buf: management frame data (starting from IEEE 802.11 header)
3628 * @len: length of frame data in octets
3629 * @stype: management frame subtype from frame control field
3630 * @ok: Whether the frame was ACK'ed
3631 */
3632 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
3633 u16 stype, int ok)
3634 {
3635 const struct ieee80211_mgmt *mgmt;
3636 mgmt = (const struct ieee80211_mgmt *) buf;
3637
3638 #ifdef CONFIG_TESTING_OPTIONS
3639 if (hapd->ext_mgmt_frame_handling) {
3640 wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d",
3641 stype, ok);
3642 return;
3643 }
3644 #endif /* CONFIG_TESTING_OPTIONS */
3645
3646 switch (stype) {
3647 case WLAN_FC_STYPE_AUTH:
3648 wpa_printf(MSG_DEBUG, "mgmt::auth cb");
3649 handle_auth_cb(hapd, mgmt, len, ok);
3650 break;
3651 case WLAN_FC_STYPE_ASSOC_RESP:
3652 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
3653 handle_assoc_cb(hapd, mgmt, len, 0, ok);
3654 break;
3655 case WLAN_FC_STYPE_REASSOC_RESP:
3656 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
3657 handle_assoc_cb(hapd, mgmt, len, 1, ok);
3658 break;
3659 case WLAN_FC_STYPE_PROBE_RESP:
3660 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok);
3661 break;
3662 case WLAN_FC_STYPE_DEAUTH:
3663 wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
3664 handle_deauth_cb(hapd, mgmt, len, ok);
3665 break;
3666 case WLAN_FC_STYPE_DISASSOC:
3667 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
3668 handle_disassoc_cb(hapd, mgmt, len, ok);
3669 break;
3670 case WLAN_FC_STYPE_ACTION:
3671 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok);
3672 handle_action_cb(hapd, mgmt, len, ok);
3673 break;
3674 default:
3675 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
3676 break;
3677 }
3678 }
3679
3680
3681 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
3682 {
3683 /* TODO */
3684 return 0;
3685 }
3686
3687
3688 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
3689 char *buf, size_t buflen)
3690 {
3691 /* TODO */
3692 return 0;
3693 }
3694
3695
3696 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
3697 const u8 *buf, size_t len, int ack)
3698 {
3699 struct sta_info *sta;
3700 struct hostapd_iface *iface = hapd->iface;
3701
3702 sta = ap_get_sta(hapd, addr);
3703 if (sta == NULL && iface->num_bss > 1) {
3704 size_t j;
3705 for (j = 0; j < iface->num_bss; j++) {
3706 hapd = iface->bss[j];
3707 sta = ap_get_sta(hapd, addr);
3708 if (sta)
3709 break;
3710 }
3711 }
3712 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
3713 return;
3714 if (sta->flags & WLAN_STA_PENDING_POLL) {
3715 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
3716 "activity poll", MAC2STR(sta->addr),
3717 ack ? "ACKed" : "did not ACK");
3718 if (ack)
3719 sta->flags &= ~WLAN_STA_PENDING_POLL;
3720 }
3721
3722 ieee802_1x_tx_status(hapd, sta, buf, len, ack);
3723 }
3724
3725
3726 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
3727 const u8 *data, size_t len, int ack)
3728 {
3729 struct sta_info *sta;
3730 struct hostapd_iface *iface = hapd->iface;
3731
3732 sta = ap_get_sta(hapd, dst);
3733 if (sta == NULL && iface->num_bss > 1) {
3734 size_t j;
3735 for (j = 0; j < iface->num_bss; j++) {
3736 hapd = iface->bss[j];
3737 sta = ap_get_sta(hapd, dst);
3738 if (sta)
3739 break;
3740 }
3741 }
3742 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
3743 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
3744 MACSTR " that is not currently associated",
3745 MAC2STR(dst));
3746 return;
3747 }
3748
3749 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
3750 }
3751
3752
3753 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
3754 {
3755 struct sta_info *sta;
3756 struct hostapd_iface *iface = hapd->iface;
3757
3758 sta = ap_get_sta(hapd, addr);
3759 if (sta == NULL && iface->num_bss > 1) {
3760 size_t j;
3761 for (j = 0; j < iface->num_bss; j++) {
3762 hapd = iface->bss[j];
3763 sta = ap_get_sta(hapd, addr);
3764 if (sta)
3765 break;
3766 }
3767 }
3768 if (sta == NULL)
3769 return;
3770 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
3771 MAC2STR(sta->addr));
3772 if (!(sta->flags & WLAN_STA_PENDING_POLL))
3773 return;
3774
3775 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
3776 "activity poll", MAC2STR(sta->addr));
3777 sta->flags &= ~WLAN_STA_PENDING_POLL;
3778 }
3779
3780
3781 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
3782 int wds)
3783 {
3784 struct sta_info *sta;
3785
3786 sta = ap_get_sta(hapd, src);
3787 if (sta &&
3788 ((sta->flags & WLAN_STA_ASSOC) ||
3789 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
3790 if (!hapd->conf->wds_sta)
3791 return;
3792
3793 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
3794 WLAN_STA_ASSOC_REQ_OK) {
3795 wpa_printf(MSG_DEBUG,
3796 "Postpone 4-address WDS mode enabling for STA "
3797 MACSTR " since TX status for AssocResp is not yet known",
3798 MAC2STR(sta->addr));
3799 sta->pending_wds_enable = 1;
3800 return;
3801 }
3802
3803 if (wds && !(sta->flags & WLAN_STA_WDS)) {
3804 int ret;
3805 char ifname_wds[IFNAMSIZ + 1];
3806
3807 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
3808 "STA " MACSTR " (aid %u)",
3809 MAC2STR(sta->addr), sta->aid);
3810 sta->flags |= WLAN_STA_WDS;
3811 ret = hostapd_set_wds_sta(hapd, ifname_wds,
3812 sta->addr, sta->aid, 1);
3813 if (!ret)
3814 hostapd_set_wds_encryption(hapd, sta,
3815 ifname_wds);
3816 }
3817 return;
3818 }
3819
3820 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
3821 MACSTR, MAC2STR(src));
3822 if (is_multicast_ether_addr(src)) {
3823 /* Broadcast bit set in SA?! Ignore the frame silently. */
3824 return;
3825 }
3826
3827 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
3828 wpa_printf(MSG_DEBUG, "Association Response to the STA has "
3829 "already been sent, but no TX status yet known - "
3830 "ignore Class 3 frame issue with " MACSTR,
3831 MAC2STR(src));
3832 return;
3833 }
3834
3835 if (sta && (sta->flags & WLAN_STA_AUTH))
3836 hostapd_drv_sta_disassoc(
3837 hapd, src,
3838 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
3839 else
3840 hostapd_drv_sta_deauth(
3841 hapd, src,
3842 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
3843 }
3844
3845
3846 #endif /* CONFIG_NATIVE_WINDOWS */
Unnamed repository; edit this file 'description' to name the repository.