2008-02-28 02:34:43 +01:00
|
|
|
/*
|
|
|
|
* hostapd / IEEE 802.11 Management
|
2014-10-18 12:00:29 +02:00
|
|
|
* Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
2012-02-11 15:46:35 +01:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
* See README for more details.
|
2008-02-28 02:34:43 +01:00
|
|
|
*/
|
|
|
|
|
2009-12-25 00:12:50 +01:00
|
|
|
#include "utils/includes.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
#ifndef CONFIG_NATIVE_WINDOWS
|
|
|
|
|
2009-12-25 00:12:50 +01:00
|
|
|
#include "utils/common.h"
|
|
|
|
#include "utils/eloop.h"
|
2009-11-29 22:04:43 +01:00
|
|
|
#include "crypto/crypto.h"
|
2012-12-31 15:58:36 +01:00
|
|
|
#include "crypto/sha256.h"
|
|
|
|
#include "crypto/random.h"
|
2009-12-25 23:31:51 +01:00
|
|
|
#include "common/ieee802_11_defs.h"
|
|
|
|
#include "common/ieee802_11_common.h"
|
2009-11-29 22:04:43 +01:00
|
|
|
#include "common/wpa_ctrl.h"
|
2012-12-30 20:48:19 +01:00
|
|
|
#include "common/sae.h"
|
2009-11-29 22:04:43 +01:00
|
|
|
#include "radius/radius.h"
|
|
|
|
#include "radius/radius_client.h"
|
2010-07-18 23:30:25 +02:00
|
|
|
#include "p2p/p2p.h"
|
2010-05-26 17:46:08 +02:00
|
|
|
#include "wps/wps.h"
|
2015-01-21 14:30:48 +01:00
|
|
|
#include "fst/fst.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
#include "hostapd.h"
|
|
|
|
#include "beacon.h"
|
|
|
|
#include "ieee802_11_auth.h"
|
|
|
|
#include "sta_info.h"
|
|
|
|
#include "ieee802_1x.h"
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "wpa_auth.h"
|
2014-10-18 12:00:29 +02:00
|
|
|
#include "pmksa_cache_auth.h"
|
2009-12-25 00:12:50 +01:00
|
|
|
#include "wmm.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
#include "ap_list.h"
|
|
|
|
#include "accounting.h"
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "ap_config.h"
|
|
|
|
#include "ap_mlme.h"
|
2010-10-08 17:16:07 +02:00
|
|
|
#include "p2p_hostapd.h"
|
2010-11-24 14:19:50 +01:00
|
|
|
#include "ap_drv_ops.h"
|
2012-12-16 18:16:17 +01:00
|
|
|
#include "wnm_ap.h"
|
2015-09-05 18:00:03 +02:00
|
|
|
#include "hw_features.h"
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "ieee802_11.h"
|
2014-02-21 14:42:18 +01:00
|
|
|
#include "dfs.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
int i, num, count;
|
|
|
|
|
|
|
|
if (hapd->iface->current_rates == NULL)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_SUPP_RATES;
|
|
|
|
num = hapd->iface->num_rates;
|
2011-02-09 14:08:47 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
|
|
|
|
num++;
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
|
|
|
|
num++;
|
2008-02-28 02:34:43 +01:00
|
|
|
if (num > 8) {
|
|
|
|
/* rest of the rates are encoded in Extended supported
|
|
|
|
* rates element */
|
|
|
|
num = 8;
|
|
|
|
}
|
|
|
|
|
|
|
|
*pos++ = num;
|
|
|
|
for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
|
|
|
|
i++) {
|
|
|
|
count++;
|
|
|
|
*pos = hapd->iface->current_rates[i].rate / 5;
|
|
|
|
if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
|
|
|
|
*pos |= 0x80;
|
|
|
|
pos++;
|
|
|
|
}
|
|
|
|
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
|
|
|
|
count++;
|
2011-02-09 14:08:47 +01:00
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
|
2012-11-24 16:27:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
|
|
|
|
count++;
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
|
|
|
|
}
|
2011-02-09 14:08:47 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
int i, num, count;
|
|
|
|
|
|
|
|
if (hapd->iface->current_rates == NULL)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
num = hapd->iface->num_rates;
|
2011-02-09 14:08:47 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
|
|
|
|
num++;
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
|
|
|
|
num++;
|
2008-02-28 02:34:43 +01:00
|
|
|
if (num <= 8)
|
|
|
|
return eid;
|
|
|
|
num -= 8;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_EXT_SUPP_RATES;
|
|
|
|
*pos++ = num;
|
|
|
|
for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
|
|
|
|
i++) {
|
|
|
|
count++;
|
|
|
|
if (count <= 8)
|
|
|
|
continue; /* already in SuppRates IE */
|
|
|
|
*pos = hapd->iface->current_rates[i].rate / 5;
|
|
|
|
if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
|
|
|
|
*pos |= 0x80;
|
|
|
|
pos++;
|
|
|
|
}
|
|
|
|
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
|
|
|
|
count++;
|
|
|
|
if (count > 8)
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
|
|
|
|
count++;
|
|
|
|
if (count > 8)
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
|
|
|
|
}
|
2011-02-09 14:08:47 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-04-20 23:33:25 +02:00
|
|
|
u16 hostapd_own_capab_info(struct hostapd_data *hapd)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
int capab = WLAN_CAPABILITY_ESS;
|
|
|
|
int privacy;
|
2014-02-21 14:42:18 +01:00
|
|
|
int dfs;
|
|
|
|
|
|
|
|
/* Check if any of configured channels require DFS */
|
|
|
|
dfs = hostapd_is_dfs_required(hapd->iface);
|
|
|
|
if (dfs < 0) {
|
|
|
|
wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
|
|
|
|
dfs);
|
|
|
|
dfs = 0;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (hapd->iface->num_sta_no_short_preamble == 0 &&
|
|
|
|
hapd->iconf->preamble == SHORT_PREAMBLE)
|
|
|
|
capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
|
|
|
|
|
|
|
|
privacy = hapd->conf->ssid.wep.keys_set;
|
|
|
|
|
|
|
|
if (hapd->conf->ieee802_1x &&
|
|
|
|
(hapd->conf->default_wep_key_len ||
|
|
|
|
hapd->conf->individual_wep_key_len))
|
|
|
|
privacy = 1;
|
|
|
|
|
|
|
|
if (hapd->conf->wpa)
|
|
|
|
privacy = 1;
|
|
|
|
|
2013-07-23 20:25:21 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
if (hapd->conf->osen)
|
|
|
|
privacy = 1;
|
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (privacy)
|
|
|
|
capab |= WLAN_CAPABILITY_PRIVACY;
|
|
|
|
|
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
|
|
|
|
hapd->iface->num_sta_no_short_slot_time == 0)
|
|
|
|
capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
|
|
|
|
|
2014-02-21 14:42:18 +01:00
|
|
|
/*
|
|
|
|
* Currently, Spectrum Management capability bit is set when directly
|
|
|
|
* requested in configuration by spectrum_mgmt_required or when AP is
|
|
|
|
* running on DFS channel.
|
|
|
|
* TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
|
|
|
|
*/
|
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
|
|
|
|
(hapd->iconf->spectrum_mgmt_required || dfs))
|
|
|
|
capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
|
|
|
|
|
2014-12-12 19:45:31 +01:00
|
|
|
if (hapd->conf->radio_measurements)
|
|
|
|
capab |= IEEE80211_CAP_RRM;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return capab;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-08-01 22:37:07 +02:00
|
|
|
#ifndef CONFIG_NO_RC4
|
2008-02-28 02:34:43 +01:00
|
|
|
static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
|
2009-12-13 22:25:30 +01:00
|
|
|
u16 auth_transaction, const u8 *challenge,
|
|
|
|
int iswep)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"authentication (shared key, transaction %d)",
|
|
|
|
auth_transaction);
|
|
|
|
|
|
|
|
if (auth_transaction == 1) {
|
|
|
|
if (!sta->challenge) {
|
|
|
|
/* Generate a pseudo-random challenge */
|
|
|
|
u8 key[8];
|
2011-04-11 17:33:48 +02:00
|
|
|
struct os_time now;
|
2008-02-28 02:34:43 +01:00
|
|
|
int r;
|
|
|
|
sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
|
|
|
|
if (sta->challenge == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
2011-04-11 17:33:48 +02:00
|
|
|
os_get_time(&now);
|
|
|
|
r = os_random();
|
|
|
|
os_memcpy(key, &now.sec, 4);
|
2008-02-28 02:34:43 +01:00
|
|
|
os_memcpy(key + 4, &r, 4);
|
2009-08-16 18:57:50 +02:00
|
|
|
rc4_skip(key, sizeof(key), 0,
|
|
|
|
sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (auth_transaction != 3)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
/* Transaction 3 */
|
|
|
|
if (!iswep || !sta->challenge || !challenge ||
|
2014-06-29 19:27:45 +02:00
|
|
|
os_memcmp_const(sta->challenge, challenge,
|
|
|
|
WLAN_AUTH_CHALLENGE_LEN)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"shared key authentication - invalid "
|
|
|
|
"challenge-response");
|
|
|
|
return WLAN_STATUS_CHALLENGE_FAIL;
|
|
|
|
}
|
|
|
|
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"authentication OK (shared key)");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
|
|
|
os_free(sta->challenge);
|
|
|
|
sta->challenge = NULL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2015-08-01 22:37:07 +02:00
|
|
|
#endif /* CONFIG_NO_RC4 */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
static void send_auth_reply(struct hostapd_data *hapd,
|
|
|
|
const u8 *dst, const u8 *bssid,
|
|
|
|
u16 auth_alg, u16 auth_transaction, u16 resp,
|
|
|
|
const u8 *ies, size_t ies_len)
|
|
|
|
{
|
|
|
|
struct ieee80211_mgmt *reply;
|
|
|
|
u8 *buf;
|
|
|
|
size_t rlen;
|
|
|
|
|
|
|
|
rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
|
|
|
|
buf = os_zalloc(rlen);
|
|
|
|
if (buf == NULL)
|
|
|
|
return;
|
|
|
|
|
|
|
|
reply = (struct ieee80211_mgmt *) buf;
|
|
|
|
reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
|
|
|
|
WLAN_FC_STYPE_AUTH);
|
|
|
|
os_memcpy(reply->da, dst, ETH_ALEN);
|
|
|
|
os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(reply->bssid, bssid, ETH_ALEN);
|
|
|
|
|
|
|
|
reply->u.auth.auth_alg = host_to_le16(auth_alg);
|
|
|
|
reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
|
|
|
|
reply->u.auth.status_code = host_to_le16(resp);
|
|
|
|
|
|
|
|
if (ies && ies_len)
|
|
|
|
os_memcpy(reply->u.auth.variable, ies, ies_len);
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
|
|
|
|
" auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
|
|
|
|
MAC2STR(dst), auth_alg, auth_transaction,
|
|
|
|
resp, (unsigned long) ies_len);
|
2011-11-19 18:02:05 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0)
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "send_auth_reply: send");
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
os_free(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
|
|
|
|
u16 auth_transaction, u16 status,
|
|
|
|
const u8 *ies, size_t ies_len)
|
|
|
|
{
|
|
|
|
struct hostapd_data *hapd = ctx;
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction,
|
|
|
|
status, ies, ies_len);
|
|
|
|
|
|
|
|
if (status != WLAN_STATUS_SUCCESS)
|
|
|
|
return;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, dst);
|
|
|
|
if (sta == NULL)
|
|
|
|
return;
|
|
|
|
|
|
|
|
hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
2012-10-06 18:30:54 +02:00
|
|
|
|
2015-01-07 07:10:57 +01:00
|
|
|
#define dot11RSNASAESync 5 /* attempts */
|
|
|
|
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
|
2014-11-25 03:04:40 +01:00
|
|
|
struct sta_info *sta, int update)
|
2012-10-06 18:30:54 +02:00
|
|
|
{
|
|
|
|
struct wpabuf *buf;
|
|
|
|
|
2012-12-30 21:16:18 +01:00
|
|
|
if (hapd->conf->ssid.wpa_passphrase == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: No password available");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2014-11-25 03:04:40 +01:00
|
|
|
if (update &&
|
|
|
|
sae_prepare_commit(hapd->own_addr, sta->addr,
|
2012-12-30 21:06:11 +01:00
|
|
|
(u8 *) hapd->conf->ssid.wpa_passphrase,
|
|
|
|
os_strlen(hapd->conf->ssid.wpa_passphrase),
|
|
|
|
sta->sae) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
|
2012-10-06 18:30:54 +02:00
|
|
|
return NULL;
|
2012-12-30 21:06:11 +01:00
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
|
2012-12-30 21:06:11 +01:00
|
|
|
buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN);
|
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
2014-11-25 03:04:40 +01:00
|
|
|
sae_write_commit(sta->sae, buf, sta->sae->tmp ?
|
|
|
|
sta->sae->tmp->anti_clogging_token : NULL);
|
2012-10-06 18:30:54 +02:00
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta)
|
|
|
|
{
|
|
|
|
struct wpabuf *buf;
|
|
|
|
|
2012-12-30 21:28:57 +01:00
|
|
|
buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
|
2012-10-06 18:30:54 +02:00
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2012-12-30 21:28:57 +01:00
|
|
|
sae_write_confirm(sta->sae, buf);
|
2012-10-06 18:30:54 +02:00
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
static int auth_sae_send_commit(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
2014-11-25 03:04:40 +01:00
|
|
|
const u8 *bssid, int update)
|
2014-09-01 06:23:30 +02:00
|
|
|
{
|
|
|
|
struct wpabuf *data;
|
|
|
|
|
2014-11-25 03:04:40 +01:00
|
|
|
data = auth_build_sae_commit(hapd, sta, update);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (data == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
send_auth_reply(hapd, sta->addr, bssid,
|
|
|
|
WLAN_AUTH_SAE, 1, WLAN_STATUS_SUCCESS,
|
|
|
|
wpabuf_head(data), wpabuf_len(data));
|
|
|
|
|
|
|
|
wpabuf_free(data);
|
|
|
|
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int auth_sae_send_confirm(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const u8 *bssid)
|
|
|
|
{
|
|
|
|
struct wpabuf *data;
|
|
|
|
|
|
|
|
data = auth_build_sae_confirm(hapd, sta);
|
|
|
|
if (data == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
send_auth_reply(hapd, sta->addr, bssid,
|
|
|
|
WLAN_AUTH_SAE, 2, WLAN_STATUS_SUCCESS,
|
|
|
|
wpabuf_head(data), wpabuf_len(data));
|
|
|
|
|
|
|
|
wpabuf_free(data);
|
|
|
|
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-12-31 15:58:36 +01:00
|
|
|
static int use_sae_anti_clogging(struct hostapd_data *hapd)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
unsigned int open = 0;
|
|
|
|
|
|
|
|
if (hapd->conf->sae_anti_clogging_threshold == 0)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
for (sta = hapd->sta_list; sta; sta = sta->next) {
|
|
|
|
if (!sta->sae)
|
|
|
|
continue;
|
|
|
|
if (sta->sae->state != SAE_COMMITTED &&
|
|
|
|
sta->sae->state != SAE_CONFIRMED)
|
|
|
|
continue;
|
|
|
|
open++;
|
|
|
|
if (open >= hapd->conf->sae_anti_clogging_threshold)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
|
|
|
|
const u8 *token, size_t token_len)
|
|
|
|
{
|
|
|
|
u8 mac[SHA256_MAC_LEN];
|
|
|
|
|
|
|
|
if (token_len != SHA256_MAC_LEN)
|
|
|
|
return -1;
|
|
|
|
if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
|
|
|
|
addr, ETH_ALEN, mac) < 0 ||
|
2014-06-29 19:28:25 +02:00
|
|
|
os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
|
2012-12-31 15:58:36 +01:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
|
2014-11-25 03:04:41 +01:00
|
|
|
int group, const u8 *addr)
|
2012-12-31 15:58:36 +01:00
|
|
|
{
|
|
|
|
struct wpabuf *buf;
|
|
|
|
u8 *token;
|
2013-11-25 21:56:07 +01:00
|
|
|
struct os_reltime now;
|
2012-12-31 15:58:36 +01:00
|
|
|
|
2013-11-25 21:56:07 +01:00
|
|
|
os_get_reltime(&now);
|
|
|
|
if (!os_reltime_initialized(&hapd->last_sae_token_key_update) ||
|
|
|
|
os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) {
|
2013-01-01 19:25:38 +01:00
|
|
|
if (random_get_bytes(hapd->sae_token_key,
|
|
|
|
sizeof(hapd->sae_token_key)) < 0)
|
|
|
|
return NULL;
|
2012-12-31 15:58:36 +01:00
|
|
|
wpa_hexdump(MSG_DEBUG, "SAE: Updated token key",
|
|
|
|
hapd->sae_token_key, sizeof(hapd->sae_token_key));
|
2013-11-25 21:56:07 +01:00
|
|
|
hapd->last_sae_token_key_update = now;
|
2012-12-31 15:58:36 +01:00
|
|
|
}
|
|
|
|
|
2014-11-25 03:04:41 +01:00
|
|
|
buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN);
|
2012-12-31 15:58:36 +01:00
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2014-11-25 03:04:41 +01:00
|
|
|
wpabuf_put_le16(buf, group); /* Finite Cyclic Group */
|
|
|
|
|
2012-12-31 15:58:36 +01:00
|
|
|
token = wpabuf_put(buf, SHA256_MAC_LEN);
|
|
|
|
hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
|
|
|
|
addr, ETH_ALEN, token);
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-01-07 07:10:57 +01:00
|
|
|
static int sae_check_big_sync(struct sta_info *sta)
|
|
|
|
{
|
|
|
|
if (sta->sae->sync > dot11RSNASAESync) {
|
|
|
|
sta->sae->state = SAE_NOTHING;
|
|
|
|
sta->sae->sync = 0;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
|
|
|
|
{
|
|
|
|
struct hostapd_data *hapd = eloop_ctx;
|
|
|
|
struct sta_info *sta = eloop_data;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (sae_check_big_sync(sta))
|
|
|
|
return;
|
|
|
|
sta->sae->sync++;
|
|
|
|
|
|
|
|
switch (sta->sae->state) {
|
|
|
|
case SAE_COMMITTED:
|
|
|
|
ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
|
2015-07-08 15:41:36 +02:00
|
|
|
eloop_register_timeout(0,
|
|
|
|
hapd->dot11RSNASAERetransPeriod * 1000,
|
2015-01-07 07:10:57 +01:00
|
|
|
auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
break;
|
|
|
|
case SAE_CONFIRMED:
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
|
2015-07-08 15:41:36 +02:00
|
|
|
eloop_register_timeout(0,
|
|
|
|
hapd->dot11RSNASAERetransPeriod * 1000,
|
2015-01-07 07:10:57 +01:00
|
|
|
auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ret = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ret != WLAN_STATUS_SUCCESS)
|
|
|
|
wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
|
|
|
|
{
|
|
|
|
eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sae_set_retransmit_timer(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta)
|
|
|
|
{
|
|
|
|
if (!(hapd->conf->mesh & MESH_ENABLED))
|
|
|
|
return;
|
|
|
|
|
|
|
|
eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
|
2015-07-08 15:41:36 +02:00
|
|
|
eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
|
2015-01-07 07:10:57 +01:00
|
|
|
auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *bssid, u8 auth_transaction)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (auth_transaction != 1 && auth_transaction != 2)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
switch (sta->sae->state) {
|
|
|
|
case SAE_NOTHING:
|
|
|
|
if (auth_transaction == 1) {
|
2014-11-25 03:04:40 +01:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, bssid, 1);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
sta->sae->state = SAE_COMMITTED;
|
|
|
|
|
|
|
|
if (sae_process_commit(sta->sae) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* In mesh case, both Commit and Confirm can be sent
|
|
|
|
* immediately. In infrastructure BSS, only a single
|
|
|
|
* Authentication frame (Commit) is expected from the AP
|
|
|
|
* here and the second one (Confirm) will be sent once
|
|
|
|
* the STA has sent its second Authentication frame
|
|
|
|
* (Confirm).
|
|
|
|
*/
|
|
|
|
if (hapd->conf->mesh & MESH_ENABLED) {
|
|
|
|
/*
|
|
|
|
* Send both Commit and Confirm immediately
|
|
|
|
* based on SAE finite state machine
|
|
|
|
* Nothing -> Confirm transition.
|
|
|
|
*/
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
sta->sae->state = SAE_CONFIRMED;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* For infrastructure BSS, send only the Commit
|
|
|
|
* message now to get alternating sequence of
|
|
|
|
* Authentication frames between the AP and STA.
|
|
|
|
* Confirm will be sent in
|
|
|
|
* Commited -> Confirmed/Accepted transition
|
|
|
|
* when receiving Confirm from STA.
|
|
|
|
*/
|
|
|
|
}
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"SAE confirm before commit");
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SAE_COMMITTED:
|
2015-01-07 07:10:57 +01:00
|
|
|
sae_clear_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (auth_transaction == 1) {
|
|
|
|
if (sae_process_commit(sta->sae) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
sta->sae->state = SAE_CONFIRMED;
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else if (hapd->conf->mesh & MESH_ENABLED) {
|
|
|
|
/*
|
|
|
|
* In mesh case, follow SAE finite state machine and
|
2015-01-07 07:10:57 +01:00
|
|
|
* send Commit now, if sync count allows.
|
2014-09-01 06:23:30 +02:00
|
|
|
*/
|
2015-01-07 07:10:57 +01:00
|
|
|
if (sae_check_big_sync(sta))
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
sta->sae->sync++;
|
|
|
|
|
2015-04-15 12:28:16 +02:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, bssid, 0);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
2015-01-07 07:10:57 +01:00
|
|
|
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* For instructure BSS, send the postponed Confirm from
|
|
|
|
* Nothing -> Confirmed transition that was reduced to
|
|
|
|
* Nothing -> Committed above.
|
|
|
|
*/
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
sta->sae->state = SAE_CONFIRMED;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Since this was triggered on Confirm RX, run another
|
|
|
|
* step to get to Accepted without waiting for
|
|
|
|
* additional events.
|
|
|
|
*/
|
|
|
|
return sae_sm_step(hapd, sta, bssid, auth_transaction);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SAE_CONFIRMED:
|
2015-01-07 07:10:57 +01:00
|
|
|
sae_clear_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (auth_transaction == 1) {
|
2015-01-07 07:10:57 +01:00
|
|
|
if (sae_check_big_sync(sta))
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
sta->sae->sync++;
|
|
|
|
|
2014-11-25 03:04:40 +01:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, bssid, 1);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
if (sae_process_commit(sta->sae) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
2015-01-07 07:10:57 +01:00
|
|
|
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
sta->auth_alg = WLAN_AUTH_SAE;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
|
|
|
sta->sae->state = SAE_ACCEPTED;
|
|
|
|
wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
|
|
|
|
sta->sae->pmk);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SAE_ACCEPTED:
|
|
|
|
if (auth_transaction == 1) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
|
|
|
|
") doing reauthentication",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
ap_free_sta(hapd, sta);
|
|
|
|
} else {
|
2015-01-07 07:10:57 +01:00
|
|
|
if (sae_check_big_sync(sta))
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
sta->sae->sync++;
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
sae_clear_temp_data(sta->sae);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
wpa_printf(MSG_ERROR, "SAE: invalid state %d",
|
|
|
|
sta->sae->state);
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
2014-12-14 22:52:02 +01:00
|
|
|
u16 auth_transaction, u16 status_code)
|
2012-09-30 18:51:07 +02:00
|
|
|
{
|
|
|
|
u16 resp = WLAN_STATUS_SUCCESS;
|
2012-12-30 20:54:16 +01:00
|
|
|
struct wpabuf *data = NULL;
|
2012-09-30 18:51:07 +02:00
|
|
|
|
2012-12-30 20:48:19 +01:00
|
|
|
if (!sta->sae) {
|
2014-12-14 22:52:02 +01:00
|
|
|
if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
|
2012-12-31 15:58:36 +01:00
|
|
|
return;
|
2012-12-30 20:48:19 +01:00
|
|
|
sta->sae = os_zalloc(sizeof(*sta->sae));
|
|
|
|
if (sta->sae == NULL)
|
|
|
|
return;
|
2012-12-31 10:05:42 +01:00
|
|
|
sta->sae->state = SAE_NOTHING;
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
2012-12-30 20:48:19 +01:00
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
if (auth_transaction == 1) {
|
2014-11-25 03:04:41 +01:00
|
|
|
const u8 *token = NULL, *pos, *end;
|
2012-12-31 15:58:36 +01:00
|
|
|
size_t token_len = 0;
|
2012-09-30 18:51:07 +02:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2014-12-14 22:52:02 +01:00
|
|
|
"start SAE authentication (RX commit, status=%u)",
|
|
|
|
status_code);
|
2014-11-25 03:04:40 +01:00
|
|
|
|
|
|
|
if ((hapd->conf->mesh & MESH_ENABLED) &&
|
2014-12-14 22:52:02 +01:00
|
|
|
status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
|
|
|
|
sta->sae->tmp) {
|
2014-11-25 03:04:41 +01:00
|
|
|
pos = mgmt->u.auth.variable;
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
|
|
|
if (pos + sizeof(le16) > end) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Too short anti-clogging token request");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto reply;
|
|
|
|
}
|
|
|
|
resp = sae_group_allowed(sta->sae,
|
|
|
|
hapd->conf->sae_groups,
|
|
|
|
WPA_GET_LE16(pos));
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Invalid group in anti-clogging token request");
|
|
|
|
goto reply;
|
|
|
|
}
|
|
|
|
pos += sizeof(le16);
|
|
|
|
|
2014-11-25 03:04:40 +01:00
|
|
|
wpabuf_free(sta->sae->tmp->anti_clogging_token);
|
|
|
|
sta->sae->tmp->anti_clogging_token =
|
2014-11-25 03:04:41 +01:00
|
|
|
wpabuf_alloc_copy(pos, end - pos);
|
2014-11-25 03:04:40 +01:00
|
|
|
if (sta->sae->tmp->anti_clogging_token == NULL) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Failed to alloc for anti-clogging token");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
|
|
|
|
* is 76, a new Commit Message shall be constructed
|
|
|
|
* with the Anti-Clogging Token from the received
|
|
|
|
* Authentication frame, and the commit-scalar and
|
|
|
|
* COMMIT-ELEMENT previously sent.
|
|
|
|
*/
|
|
|
|
if (auth_sae_send_commit(hapd, sta, mgmt->bssid, 0)) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Failed to send commit message");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
sta->sae->state = SAE_COMMITTED;
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-11-25 03:04:40 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-12-14 22:52:02 +01:00
|
|
|
if (status_code != WLAN_STATUS_SUCCESS)
|
|
|
|
return;
|
|
|
|
|
2012-12-30 21:16:18 +01:00
|
|
|
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
|
|
|
|
((const u8 *) mgmt) + len -
|
2012-12-31 15:58:36 +01:00
|
|
|
mgmt->u.auth.variable, &token,
|
2013-01-01 15:23:47 +01:00
|
|
|
&token_len, hapd->conf->sae_groups);
|
2015-06-23 21:30:15 +02:00
|
|
|
if (resp == SAE_SILENTLY_DISCARD) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Drop commit message from " MACSTR " due to reflection attack",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
return;
|
|
|
|
}
|
2012-12-31 15:58:36 +01:00
|
|
|
if (token && check_sae_token(hapd, sta->addr, token, token_len)
|
|
|
|
< 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
|
|
|
|
"incorrect token from " MACSTR,
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
goto reply;
|
|
|
|
|
|
|
|
if (!token && use_sae_anti_clogging(hapd)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Request anti-clogging token from "
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
2014-11-25 03:04:41 +01:00
|
|
|
data = auth_build_token_req(hapd, sta->sae->group,
|
|
|
|
sta->addr);
|
2014-09-01 06:23:30 +02:00
|
|
|
resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
|
2014-11-25 03:04:40 +01:00
|
|
|
if (hapd->conf->mesh & MESH_ENABLED)
|
|
|
|
sta->sae->state = SAE_NOTHING;
|
2014-09-01 06:23:30 +02:00
|
|
|
goto reply;
|
2012-12-30 20:54:16 +01:00
|
|
|
}
|
2014-09-01 06:23:30 +02:00
|
|
|
|
|
|
|
resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
|
2012-09-30 18:51:07 +02:00
|
|
|
} else if (auth_transaction == 2) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2014-12-14 22:52:02 +01:00
|
|
|
"SAE authentication (RX confirm, status=%u)",
|
|
|
|
status_code);
|
|
|
|
if (status_code != WLAN_STATUS_SUCCESS)
|
|
|
|
return;
|
2014-09-01 06:23:30 +02:00
|
|
|
if (sta->sae->state >= SAE_CONFIRMED ||
|
|
|
|
!(hapd->conf->mesh & MESH_ENABLED)) {
|
|
|
|
if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,
|
|
|
|
((u8 *) mgmt) + len -
|
|
|
|
mgmt->u.auth.variable) < 0) {
|
2012-12-30 20:54:16 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2014-09-01 06:23:30 +02:00
|
|
|
goto reply;
|
2013-01-06 18:06:59 +01:00
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
}
|
2014-09-01 06:23:30 +02:00
|
|
|
resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
|
2012-09-30 18:51:07 +02:00
|
|
|
} else {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2014-12-14 22:52:02 +01:00
|
|
|
"unexpected SAE authentication transaction %u (status=%u)",
|
|
|
|
auth_transaction, status_code);
|
|
|
|
if (status_code != WLAN_STATUS_SUCCESS)
|
|
|
|
return;
|
2012-09-30 18:51:07 +02:00
|
|
|
resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
|
|
|
|
}
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
reply:
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS) {
|
|
|
|
send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
|
|
|
|
auth_transaction, resp,
|
|
|
|
data ? wpabuf_head(data) : (u8 *) "",
|
|
|
|
data ? wpabuf_len(data) : 0);
|
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
wpabuf_free(data);
|
2012-09-30 18:51:07 +02:00
|
|
|
}
|
2015-01-07 07:10:56 +01:00
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* auth_sae_init_committed - Send COMMIT and start SAE in committed state
|
|
|
|
* @hapd: BSS data for the device initiating the authentication
|
|
|
|
* @sta: the peer to which commit authentication frame is sent
|
|
|
|
*
|
|
|
|
* This function implements Init event handling (IEEE Std 802.11-2012,
|
|
|
|
* 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
|
|
|
|
* sta->sae structure should be initialized appropriately via a call to
|
|
|
|
* sae_prepare_commit().
|
|
|
|
*/
|
|
|
|
int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (!sta->sae || !sta->sae->tmp)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (sta->sae->state != SAE_NOTHING)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
|
|
|
|
if (ret)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
sta->sae->state = SAE_COMMITTED;
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2015-01-07 07:10:56 +01:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
|
|
|
|
2009-12-13 22:25:30 +01:00
|
|
|
static void handle_auth(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
u16 auth_alg, auth_transaction, status_code;
|
|
|
|
u16 resp = WLAN_STATUS_SUCCESS;
|
|
|
|
struct sta_info *sta = NULL;
|
|
|
|
int res;
|
|
|
|
u16 fc;
|
2009-12-13 22:25:30 +01:00
|
|
|
const u8 *challenge = NULL;
|
2008-02-28 02:34:43 +01:00
|
|
|
u32 session_timeout, acct_interim_interval;
|
|
|
|
int vlan_id = 0;
|
2012-11-25 16:41:13 +01:00
|
|
|
struct hostapd_sta_wpa_psk_short *psk = NULL;
|
2008-02-28 02:34:43 +01:00
|
|
|
u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
|
|
|
|
size_t resp_ies_len = 0;
|
2012-08-19 13:20:10 +02:00
|
|
|
char *identity = NULL;
|
|
|
|
char *radius_cui = NULL;
|
2014-11-05 09:50:34 +01:00
|
|
|
u16 seq_ctrl;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-04-23 16:51:28 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
2014-04-26 10:09:29 +02:00
|
|
|
if (hapd->iconf->ignore_auth_probability > 0.0 &&
|
2013-04-23 16:51:28 +02:00
|
|
|
drand48() < hapd->iconf->ignore_auth_probability) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TESTING: ignoring auth frame from " MACSTR,
|
|
|
|
MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
|
|
|
|
auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
|
|
|
|
status_code = le_to_host16(mgmt->u.auth.status_code);
|
|
|
|
fc = le_to_host16(mgmt->frame_control);
|
2014-11-05 09:50:34 +01:00
|
|
|
seq_ctrl = le_to_host16(mgmt->seq_ctrl);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
|
|
|
|
2 + WLAN_AUTH_CHALLENGE_LEN &&
|
|
|
|
mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
|
|
|
|
mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
|
|
|
|
challenge = &mgmt->u.auth.variable[2];
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
|
2014-11-05 09:50:34 +01:00
|
|
|
"auth_transaction=%d status_code=%d wep=%d%s "
|
|
|
|
"seq_ctrl=0x%x%s",
|
2008-02-28 02:34:43 +01:00
|
|
|
MAC2STR(mgmt->sa), auth_alg, auth_transaction,
|
|
|
|
status_code, !!(fc & WLAN_FC_ISWEP),
|
2014-11-05 09:50:34 +01:00
|
|
|
challenge ? " challenge" : "",
|
|
|
|
seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2015-08-01 22:37:07 +02:00
|
|
|
#ifdef CONFIG_NO_RC4
|
|
|
|
if (auth_alg == WLAN_AUTH_SHARED_KEY) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"Unsupported authentication algorithm (%d)",
|
|
|
|
auth_alg);
|
|
|
|
resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_NO_RC4 */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (hapd->tkip_countermeasures) {
|
|
|
|
resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
|
|
|
|
auth_alg == WLAN_AUTH_OPEN) ||
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
2011-11-24 21:46:14 +01:00
|
|
|
(hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
|
2008-02-28 02:34:43 +01:00
|
|
|
auth_alg == WLAN_AUTH_FT) ||
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
(hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
|
|
|
|
auth_alg == WLAN_AUTH_SAE) ||
|
|
|
|
#endif /* CONFIG_SAE */
|
2008-02-28 02:34:43 +01:00
|
|
|
((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
|
|
|
|
auth_alg == WLAN_AUTH_SHARED_KEY))) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
|
|
|
|
auth_alg);
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
|
2008-02-28 02:34:43 +01:00
|
|
|
(auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
|
|
|
|
auth_transaction);
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
|
|
|
|
MAC2STR(mgmt->sa));
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2015-09-05 18:00:03 +02:00
|
|
|
if (hapd->conf->no_auth_if_seen_on) {
|
|
|
|
struct hostapd_data *other;
|
|
|
|
|
|
|
|
other = sta_track_seen_on(hapd->iface, mgmt->sa,
|
|
|
|
hapd->conf->no_auth_if_seen_on);
|
|
|
|
if (other) {
|
|
|
|
u8 *pos;
|
|
|
|
u32 info;
|
|
|
|
u8 op_class, channel, phytype;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
|
|
|
|
MACSTR " since STA has been seen on %s",
|
|
|
|
hapd->conf->iface, MAC2STR(mgmt->sa),
|
|
|
|
hapd->conf->no_auth_if_seen_on);
|
|
|
|
|
|
|
|
resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
|
|
|
|
pos = &resp_ies[0];
|
|
|
|
*pos++ = WLAN_EID_NEIGHBOR_REPORT;
|
|
|
|
*pos++ = 13;
|
|
|
|
os_memcpy(pos, other->own_addr, ETH_ALEN);
|
|
|
|
pos += ETH_ALEN;
|
|
|
|
info = 0; /* TODO: BSSID Information */
|
|
|
|
WPA_PUT_LE32(pos, info);
|
|
|
|
pos += 4;
|
|
|
|
if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
|
|
|
|
phytype = 8; /* dmg */
|
|
|
|
else if (other->iconf->ieee80211ac)
|
|
|
|
phytype = 9; /* vht */
|
|
|
|
else if (other->iconf->ieee80211n)
|
|
|
|
phytype = 7; /* ht */
|
|
|
|
else if (other->iconf->hw_mode ==
|
|
|
|
HOSTAPD_MODE_IEEE80211A)
|
|
|
|
phytype = 4; /* ofdm */
|
|
|
|
else if (other->iconf->hw_mode ==
|
|
|
|
HOSTAPD_MODE_IEEE80211G)
|
|
|
|
phytype = 6; /* erp */
|
|
|
|
else
|
|
|
|
phytype = 5; /* hrdsss */
|
|
|
|
if (ieee80211_freq_to_channel_ext(
|
|
|
|
hostapd_hw_get_freq(other,
|
|
|
|
other->iconf->channel),
|
|
|
|
other->iconf->secondary_channel,
|
|
|
|
other->iconf->ieee80211ac,
|
|
|
|
&op_class, &channel) == NUM_HOSTAPD_MODES) {
|
|
|
|
op_class = 0;
|
|
|
|
channel = other->iconf->channel;
|
|
|
|
}
|
|
|
|
*pos++ = op_class;
|
|
|
|
*pos++ = channel;
|
|
|
|
*pos++ = phytype;
|
|
|
|
resp_ies_len = pos - &resp_ies[0];
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len,
|
|
|
|
&session_timeout,
|
2011-12-11 12:01:57 +01:00
|
|
|
&acct_interim_interval, &vlan_id,
|
2012-11-25 16:41:13 +01:00
|
|
|
&psk, &identity, &radius_cui);
|
2011-12-11 12:01:57 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (res == HOSTAPD_ACL_REJECT) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
|
|
|
|
MAC2STR(mgmt->sa));
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
if (res == HOSTAPD_ACL_PENDING) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
|
|
|
|
" waiting for an external authentication",
|
|
|
|
MAC2STR(mgmt->sa));
|
|
|
|
/* Authentication code will re-send the authentication frame
|
|
|
|
* after it has received (and cached) information from the
|
|
|
|
* external source. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
|
|
|
if (sta) {
|
|
|
|
if ((fc & WLAN_FC_RETRY) &&
|
|
|
|
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
|
|
|
|
sta->last_seq_ctrl == seq_ctrl &&
|
|
|
|
sta->last_subtype == WLAN_FC_STYPE_AUTH) {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Drop repeated authentication frame seq_ctrl=0x%x",
|
|
|
|
seq_ctrl);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
} else {
|
2014-09-01 06:23:30 +02:00
|
|
|
#ifdef CONFIG_MESH
|
2014-11-05 09:50:34 +01:00
|
|
|
if (hapd->conf->mesh & MESH_ENABLED) {
|
|
|
|
/* if the mesh peer is not available, we don't do auth.
|
|
|
|
*/
|
2014-12-23 12:44:38 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
|
|
|
|
" not yet known - drop Authentiation frame",
|
|
|
|
MAC2STR(mgmt->sa));
|
|
|
|
/*
|
|
|
|
* Save a copy of the frame so that it can be processed
|
|
|
|
* if a new peer entry is added shortly after this.
|
|
|
|
*/
|
|
|
|
wpabuf_free(hapd->mesh_pending_auth);
|
|
|
|
hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
|
|
|
|
os_get_reltime(&hapd->mesh_pending_auth_time);
|
2014-09-01 06:23:30 +02:00
|
|
|
return;
|
2014-11-05 09:50:34 +01:00
|
|
|
}
|
2014-09-01 06:23:30 +02:00
|
|
|
#endif /* CONFIG_MESH */
|
2014-11-05 09:50:34 +01:00
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
sta = ap_sta_add(hapd, mgmt->sa);
|
|
|
|
if (!sta) {
|
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto fail;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2014-11-05 09:50:34 +01:00
|
|
|
sta->last_seq_ctrl = seq_ctrl;
|
|
|
|
sta->last_subtype = WLAN_FC_STYPE_AUTH;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (vlan_id > 0) {
|
2013-06-25 11:03:02 +02:00
|
|
|
if (!hostapd_vlan_id_valid(hapd->conf->vlan, vlan_id)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
|
|
|
|
HOSTAPD_LEVEL_INFO, "Invalid VLAN ID "
|
|
|
|
"%d received from RADIUS server",
|
|
|
|
vlan_id);
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
sta->vlan_id = vlan_id;
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
|
|
|
|
HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
|
|
|
|
}
|
|
|
|
|
2012-11-25 17:01:55 +01:00
|
|
|
hostapd_free_psk_list(sta->psk);
|
2012-11-25 16:49:25 +01:00
|
|
|
if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
|
|
|
|
sta->psk = psk;
|
|
|
|
psk = NULL;
|
2011-12-11 12:01:57 +01:00
|
|
|
} else {
|
|
|
|
sta->psk = NULL;
|
|
|
|
}
|
|
|
|
|
2012-08-19 13:20:10 +02:00
|
|
|
sta->identity = identity;
|
|
|
|
identity = NULL;
|
|
|
|
sta->radius_cui = radius_cui;
|
|
|
|
radius_cui = NULL;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
sta->flags &= ~WLAN_STA_PREAUTH;
|
|
|
|
ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
|
|
|
|
|
2009-11-28 22:03:20 +01:00
|
|
|
if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
|
2008-02-28 02:34:43 +01:00
|
|
|
sta->acct_interim_interval = acct_interim_interval;
|
|
|
|
if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
|
|
|
|
ap_sta_session_timeout(hapd, sta, session_timeout);
|
|
|
|
else
|
|
|
|
ap_sta_no_session_timeout(hapd, sta);
|
|
|
|
|
|
|
|
switch (auth_alg) {
|
|
|
|
case WLAN_AUTH_OPEN:
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"authentication OK (open system)");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
|
|
|
sta->auth_alg = WLAN_AUTH_OPEN;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
break;
|
2015-08-01 22:37:07 +02:00
|
|
|
#ifndef CONFIG_NO_RC4
|
2008-02-28 02:34:43 +01:00
|
|
|
case WLAN_AUTH_SHARED_KEY:
|
|
|
|
resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
|
|
|
|
fc & WLAN_FC_ISWEP);
|
|
|
|
sta->auth_alg = WLAN_AUTH_SHARED_KEY;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
if (sta->challenge && auth_transaction == 1) {
|
|
|
|
resp_ies[0] = WLAN_EID_CHALLENGE;
|
|
|
|
resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
|
|
|
|
os_memcpy(resp_ies + 2, sta->challenge,
|
|
|
|
WLAN_AUTH_CHALLENGE_LEN);
|
|
|
|
resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
|
|
|
|
}
|
|
|
|
break;
|
2015-08-01 22:37:07 +02:00
|
|
|
#endif /* CONFIG_NO_RC4 */
|
2008-02-28 02:34:43 +01:00
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
case WLAN_AUTH_FT:
|
|
|
|
sta->auth_alg = WLAN_AUTH_FT;
|
|
|
|
if (sta->wpa_sm == NULL)
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
2013-09-01 10:05:19 +02:00
|
|
|
sta->addr, NULL);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sta->wpa_sm == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
|
|
|
|
"state machine");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
|
|
|
|
auth_transaction, mgmt->u.auth.variable,
|
|
|
|
len - IEEE80211_HDRLEN -
|
|
|
|
sizeof(mgmt->u.auth),
|
|
|
|
handle_auth_ft_finish, hapd);
|
|
|
|
/* handle_auth_ft_finish() callback will complete auth. */
|
|
|
|
return;
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
case WLAN_AUTH_SAE:
|
2014-09-01 06:23:30 +02:00
|
|
|
#ifdef CONFIG_MESH
|
2014-12-14 22:52:02 +01:00
|
|
|
if (status_code == WLAN_STATUS_SUCCESS &&
|
|
|
|
hapd->conf->mesh & MESH_ENABLED) {
|
2014-09-01 06:23:30 +02:00
|
|
|
if (sta->wpa_sm == NULL)
|
|
|
|
sta->wpa_sm =
|
|
|
|
wpa_auth_sta_init(hapd->wpa_auth,
|
|
|
|
sta->addr, NULL);
|
|
|
|
if (sta->wpa_sm == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Failed to initialize WPA state machine");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_MESH */
|
2014-12-14 22:52:02 +01:00
|
|
|
handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
|
|
|
|
status_code);
|
2012-09-30 18:51:07 +02:00
|
|
|
return;
|
|
|
|
#endif /* CONFIG_SAE */
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
fail:
|
2012-08-19 13:20:10 +02:00
|
|
|
os_free(identity);
|
|
|
|
os_free(radius_cui);
|
2012-11-25 17:01:55 +01:00
|
|
|
hostapd_free_psk_list(psk);
|
2012-08-19 13:20:10 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
|
|
|
|
auth_transaction + 1, resp, resp_ies, resp_ies_len);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-10-05 14:16:40 +02:00
|
|
|
int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
|
2009-03-25 14:35:00 +01:00
|
|
|
{
|
2009-03-25 14:54:25 +01:00
|
|
|
int i, j = 32, aid;
|
|
|
|
|
2009-03-25 14:35:00 +01:00
|
|
|
/* get a unique AID */
|
|
|
|
if (sta->aid > 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-03-25 14:54:25 +01:00
|
|
|
for (i = 0; i < AID_WORDS; i++) {
|
|
|
|
if (hapd->sta_aid[i] == (u32) -1)
|
|
|
|
continue;
|
|
|
|
for (j = 0; j < 32; j++) {
|
|
|
|
if (!(hapd->sta_aid[i] & BIT(j)))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (j < 32)
|
2009-03-25 14:35:00 +01:00
|
|
|
break;
|
|
|
|
}
|
2009-03-25 14:54:25 +01:00
|
|
|
if (j == 32)
|
|
|
|
return -1;
|
|
|
|
aid = i * 32 + j + 1;
|
|
|
|
if (aid > 2007)
|
|
|
|
return -1;
|
2009-03-25 14:35:00 +01:00
|
|
|
|
2009-03-25 14:54:25 +01:00
|
|
|
sta->aid = aid;
|
|
|
|
hapd->sta_aid[i] |= BIT(j);
|
2009-03-25 14:35:00 +01:00
|
|
|
wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *ssid_ie, size_t ssid_ie_len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2009-11-29 21:14:57 +01:00
|
|
|
if (ssid_ie == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
|
|
|
|
os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station tried to associate with unknown SSID "
|
2014-01-31 21:20:41 +01:00
|
|
|
"'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:54:06 +01:00
|
|
|
}
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *wmm_ie, size_t wmm_ie_len)
|
|
|
|
{
|
2009-03-04 11:33:24 +01:00
|
|
|
sta->flags &= ~WLAN_STA_WMM;
|
2011-12-17 11:38:06 +01:00
|
|
|
sta->qosinfo = 0;
|
2009-11-29 21:14:57 +01:00
|
|
|
if (wmm_ie && hapd->conf->wmm_enabled) {
|
2011-12-17 10:55:14 +01:00
|
|
|
struct wmm_information_element *wmm;
|
|
|
|
|
2011-12-17 11:41:00 +01:00
|
|
|
if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_WPA,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2009-03-04 11:33:24 +01:00
|
|
|
"invalid WMM element in association "
|
2008-02-28 02:34:43 +01:00
|
|
|
"request");
|
2011-12-17 10:55:14 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->flags |= WLAN_STA_WMM;
|
|
|
|
wmm = (struct wmm_information_element *) wmm_ie;
|
2011-12-17 11:38:06 +01:00
|
|
|
sta->qosinfo = wmm->qos_info;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
|
|
|
|
static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
struct ieee802_11_elems *elems)
|
|
|
|
{
|
|
|
|
if (!elems->supp_rates) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
2008-02-28 02:34:43 +01:00
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"No supported rates element in AssocReq");
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2012-08-19 16:52:41 +02:00
|
|
|
if (elems->supp_rates_len + elems->ext_supp_rates_len >
|
|
|
|
sizeof(sta->supported_rates)) {
|
2009-11-29 21:14:57 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
2008-02-28 02:34:43 +01:00
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2012-08-19 16:52:41 +02:00
|
|
|
"Invalid supported rates element length %d+%d",
|
|
|
|
elems->supp_rates_len,
|
|
|
|
elems->ext_supp_rates_len);
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2012-08-19 16:52:41 +02:00
|
|
|
sta->supported_rates_len = merge_byte_arrays(
|
|
|
|
sta->supported_rates, sizeof(sta->supported_rates),
|
|
|
|
elems->supp_rates, elems->supp_rates_len,
|
|
|
|
elems->ext_supp_rates, elems->ext_supp_rates_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-24 11:28:20 +02:00
|
|
|
static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *ext_capab_ie, size_t ext_capab_ie_len)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
/* check for QoS Map support */
|
|
|
|
if (ext_capab_ie_len >= 5) {
|
|
|
|
if (ext_capab_ie[4] & 0x01)
|
|
|
|
sta->qos_map_enabled = 1;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
2015-09-08 11:46:20 +02:00
|
|
|
if (ext_capab_ie_len > 0)
|
|
|
|
sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
|
|
|
|
|
2013-07-24 11:28:20 +02:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
2009-12-13 22:25:30 +01:00
|
|
|
const u8 *ies, size_t ies_len, int reassoc)
|
2009-11-29 21:14:57 +01:00
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
u16 resp;
|
2009-12-13 22:11:11 +01:00
|
|
|
const u8 *wpa_ie;
|
2009-11-29 21:14:57 +01:00
|
|
|
size_t wpa_ie_len;
|
2013-09-01 10:05:19 +02:00
|
|
|
const u8 *p2p_dev_addr = NULL;
|
2009-11-29 21:14:57 +01:00
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "Station sent an invalid "
|
|
|
|
"association request");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
|
2013-07-24 11:28:20 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);
|
2009-11-29 21:14:57 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
resp = copy_supp_rates(hapd, sta, &elems);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2009-12-06 18:41:47 +01:00
|
|
|
#ifdef CONFIG_IEEE80211N
|
2015-04-19 15:48:21 +02:00
|
|
|
resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
|
2009-11-29 21:14:57 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2011-02-09 14:08:47 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
|
|
|
|
!(sta->flags & WLAN_STA_HT)) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "Station does not support "
|
|
|
|
"mandatory HT PHY - reject association");
|
|
|
|
return WLAN_STATUS_ASSOC_DENIED_NO_HT;
|
|
|
|
}
|
2009-12-06 18:41:47 +01:00
|
|
|
#endif /* CONFIG_IEEE80211N */
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2012-08-10 18:49:18 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AC
|
2015-09-22 15:56:00 +02:00
|
|
|
if (hapd->iconf->ieee80211ac) {
|
|
|
|
resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2014-02-10 13:43:05 +01:00
|
|
|
|
2015-09-22 15:56:00 +02:00
|
|
|
resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
}
|
2014-02-10 13:43:05 +01:00
|
|
|
|
2012-08-10 18:53:24 +02:00
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
|
|
|
|
!(sta->flags & WLAN_STA_VHT)) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "Station does not support "
|
|
|
|
"mandatory VHT PHY - reject association");
|
2013-12-24 20:19:45 +01:00
|
|
|
return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
|
2012-08-10 18:53:24 +02:00
|
|
|
}
|
2014-11-10 16:12:29 +01:00
|
|
|
|
|
|
|
if (hapd->conf->vendor_vht && !elems.vht_capabilities) {
|
|
|
|
resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht,
|
|
|
|
elems.vendor_vht_len);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
}
|
2012-08-10 18:49:18 +02:00
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
|
|
|
|
2013-09-01 10:05:19 +02:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
if (elems.p2p) {
|
|
|
|
wpabuf_free(sta->p2p_ie);
|
|
|
|
sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
|
|
|
|
P2P_IE_VENDOR_TYPE);
|
|
|
|
if (sta->p2p_ie)
|
|
|
|
p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
|
|
|
|
} else {
|
|
|
|
wpabuf_free(sta->p2p_ie);
|
|
|
|
sta->p2p_ie = NULL;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
|
|
|
|
wpa_ie = elems.rsn_ie;
|
|
|
|
wpa_ie_len = elems.rsn_ie_len;
|
|
|
|
} else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
|
|
|
|
elems.wpa_ie) {
|
|
|
|
wpa_ie = elems.wpa_ie;
|
|
|
|
wpa_ie_len = elems.wpa_ie_len;
|
|
|
|
} else {
|
|
|
|
wpa_ie = NULL;
|
|
|
|
wpa_ie_len = 0;
|
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2008-11-23 18:34:26 +01:00
|
|
|
#ifdef CONFIG_WPS
|
2011-08-28 18:16:59 +02:00
|
|
|
sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
|
2010-04-15 11:55:34 +02:00
|
|
|
if (hapd->conf->wps_state && elems.wps_ie) {
|
|
|
|
wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
|
|
|
|
"Request - assume WPS is used");
|
|
|
|
sta->flags |= WLAN_STA_WPS;
|
|
|
|
wpabuf_free(sta->wps_ie);
|
2010-05-26 17:17:13 +02:00
|
|
|
sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
|
|
|
|
WPS_IE_VENDOR_TYPE);
|
2011-08-28 18:16:59 +02:00
|
|
|
if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
|
|
|
|
sta->flags |= WLAN_STA_WPS2;
|
|
|
|
}
|
2010-04-15 11:55:34 +02:00
|
|
|
wpa_ie = NULL;
|
|
|
|
wpa_ie_len = 0;
|
2010-05-26 16:16:14 +02:00
|
|
|
if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
|
|
|
|
"(Re)Association Request - reject");
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
}
|
2010-04-15 11:55:34 +02:00
|
|
|
} else if (hapd->conf->wps_state && wpa_ie == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
|
|
|
|
"(Re)Association Request - possible WPS use");
|
|
|
|
sta->flags |= WLAN_STA_MAYBE_WPS;
|
2008-11-23 18:34:26 +01:00
|
|
|
} else
|
|
|
|
#endif /* CONFIG_WPS */
|
2008-02-28 02:34:43 +01:00
|
|
|
if (hapd->conf->wpa && wpa_ie == NULL) {
|
2009-11-29 21:14:57 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"No WPA/RSN IE in association request");
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (hapd->conf->wpa && wpa_ie) {
|
|
|
|
int res;
|
|
|
|
wpa_ie -= 2;
|
|
|
|
wpa_ie_len += 2;
|
|
|
|
if (sta->wpa_sm == NULL)
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
2013-09-01 10:05:19 +02:00
|
|
|
sta->addr,
|
|
|
|
p2p_dev_addr);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sta->wpa_sm == NULL) {
|
2009-11-29 21:14:57 +01:00
|
|
|
wpa_printf(MSG_WARNING, "Failed to initialize WPA "
|
|
|
|
"state machine");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
|
|
|
|
wpa_ie, wpa_ie_len,
|
|
|
|
elems.mdie, elems.mdie_len);
|
|
|
|
if (res == WPA_INVALID_GROUP)
|
|
|
|
resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
|
|
|
|
else if (res == WPA_INVALID_PAIRWISE)
|
|
|
|
resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
|
|
|
|
else if (res == WPA_INVALID_AKMP)
|
|
|
|
resp = WLAN_STATUS_AKMP_NOT_VALID;
|
|
|
|
else if (res == WPA_ALLOC_FAIL)
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
#ifdef CONFIG_IEEE80211W
|
|
|
|
else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
|
2008-12-26 10:25:05 +01:00
|
|
|
resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
|
2008-02-28 02:34:43 +01:00
|
|
|
else if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
|
2008-12-26 10:25:05 +01:00
|
|
|
resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
|
2008-02-28 02:34:43 +01:00
|
|
|
#endif /* CONFIG_IEEE80211W */
|
|
|
|
else if (res == WPA_INVALID_MDIE)
|
|
|
|
resp = WLAN_STATUS_INVALID_MDIE;
|
|
|
|
else if (res != WPA_IE_OK)
|
|
|
|
resp = WLAN_STATUS_INVALID_IE;
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
2009-11-29 21:14:57 +01:00
|
|
|
return resp;
|
2008-06-17 10:21:11 +02:00
|
|
|
#ifdef CONFIG_IEEE80211W
|
2008-12-26 11:30:34 +01:00
|
|
|
if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
|
|
|
|
sta->sa_query_count > 0)
|
|
|
|
ap_check_sa_query_timeout(hapd, sta);
|
2008-12-26 11:55:35 +01:00
|
|
|
if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
|
|
|
|
(!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
|
2008-08-31 10:04:47 +02:00
|
|
|
/*
|
2008-12-26 10:46:21 +01:00
|
|
|
* STA has already been associated with MFP and SA
|
|
|
|
* Query timeout has not been reached. Reject the
|
|
|
|
* association attempt temporarily and start SA Query,
|
|
|
|
* if one is not pending.
|
2008-08-31 10:04:47 +02:00
|
|
|
*/
|
|
|
|
|
2008-12-26 10:46:21 +01:00
|
|
|
if (sta->sa_query_count == 0)
|
|
|
|
ap_sta_start_sa_query(hapd, sta);
|
2008-08-31 10:04:47 +02:00
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
|
2008-08-31 10:04:47 +02:00
|
|
|
}
|
|
|
|
|
2008-06-17 10:21:11 +02:00
|
|
|
if (wpa_auth_uses_mfp(sta->wpa_sm))
|
|
|
|
sta->flags |= WLAN_STA_MFP;
|
|
|
|
else
|
|
|
|
sta->flags &= ~WLAN_STA_MFP;
|
|
|
|
#endif /* CONFIG_IEEE80211W */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
if (sta->auth_alg == WLAN_AUTH_FT) {
|
|
|
|
if (!reassoc) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
|
|
|
|
"to use association (not "
|
|
|
|
"re-association) with FT auth_alg",
|
|
|
|
MAC2STR(sta->addr));
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
|
|
|
|
ies_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
2009-11-29 21:14:57 +01:00
|
|
|
return resp;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (wpa_auth_uses_sae(sta->wpa_sm) &&
|
2014-10-18 12:00:29 +02:00
|
|
|
sta->auth_alg == WLAN_AUTH_OPEN) {
|
|
|
|
struct rsn_pmksa_cache_entry *sa;
|
|
|
|
sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
|
|
|
|
if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: No PMKSA cache entry found for "
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
|
|
|
return WLAN_STATUS_INVALID_PMKID;
|
|
|
|
}
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: " MACSTR
|
|
|
|
" using PMKSA caching", MAC2STR(sta->addr));
|
|
|
|
} else if (wpa_auth_uses_sae(sta->wpa_sm) &&
|
|
|
|
sta->auth_alg != WLAN_AUTH_SAE &&
|
|
|
|
!(sta->auth_alg == WLAN_AUTH_FT &&
|
|
|
|
wpa_auth_uses_ft_sae(sta->wpa_sm))) {
|
2012-09-30 18:51:07 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
|
|
|
|
"SAE AKM after non-SAE auth_alg %u",
|
|
|
|
MAC2STR(sta->addr), sta->auth_alg);
|
|
|
|
return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2008-12-22 13:05:53 +01:00
|
|
|
#ifdef CONFIG_IEEE80211N
|
2012-08-11 09:53:03 +02:00
|
|
|
if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
|
2008-12-22 13:05:53 +01:00
|
|
|
wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
|
2009-11-29 21:14:57 +01:00
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station tried to use TKIP with HT "
|
|
|
|
"association");
|
|
|
|
return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
|
2008-12-22 13:05:53 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211N */
|
2013-07-23 20:25:21 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
} else if (hapd->conf->osen) {
|
|
|
|
if (elems.osen == NULL) {
|
|
|
|
hostapd_logger(
|
|
|
|
hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"No HS 2.0 OSEN element in association request");
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
|
|
|
|
if (sta->wpa_sm == NULL)
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
|
|
|
sta->addr, NULL);
|
|
|
|
if (sta->wpa_sm == NULL) {
|
|
|
|
wpa_printf(MSG_WARNING, "Failed to initialize WPA "
|
|
|
|
"state machine");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
|
|
|
|
elems.osen - 2, elems.osen_len + 2) < 0)
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
#endif /* CONFIG_HS20 */
|
2008-11-30 16:22:51 +01:00
|
|
|
} else
|
|
|
|
wpa_auth_sta_no_wpa(sta->wpa_sm);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2010-07-18 23:30:25 +02:00
|
|
|
#ifdef CONFIG_P2P
|
2010-10-19 17:10:28 +02:00
|
|
|
p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
|
2010-07-18 23:30:25 +02:00
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2012-11-21 23:19:17 +01:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
wpabuf_free(sta->hs20_ie);
|
|
|
|
if (elems.hs20 && elems.hs20_len > 4) {
|
|
|
|
sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
|
|
|
|
elems.hs20_len - 4);
|
|
|
|
} else
|
|
|
|
sta->hs20_ie = NULL;
|
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
2015-01-21 14:30:48 +01:00
|
|
|
#ifdef CONFIG_FST
|
|
|
|
wpabuf_free(sta->mb_ies);
|
|
|
|
if (hapd->iface->fst)
|
|
|
|
sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
|
|
|
|
else
|
|
|
|
sta->mb_ies = NULL;
|
|
|
|
#endif /* CONFIG_FST */
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
|
|
|
|
u16 reason_code)
|
|
|
|
{
|
|
|
|
int send_len;
|
|
|
|
struct ieee80211_mgmt reply;
|
|
|
|
|
|
|
|
os_memset(&reply, 0, sizeof(reply));
|
|
|
|
reply.frame_control =
|
|
|
|
IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
|
|
|
|
os_memcpy(reply.da, addr, ETH_ALEN);
|
|
|
|
os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
|
|
|
|
|
|
|
|
send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
|
|
|
|
reply.u.deauth.reason_code = host_to_le16(reason_code);
|
|
|
|
|
2011-11-19 18:02:05 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
|
2009-11-29 21:14:57 +01:00
|
|
|
wpa_printf(MSG_INFO, "Failed to send deauth: %s",
|
|
|
|
strerror(errno));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
2009-12-13 22:25:30 +01:00
|
|
|
u16 status_code, int reassoc, const u8 *ies,
|
2009-11-29 21:14:57 +01:00
|
|
|
size_t ies_len)
|
|
|
|
{
|
|
|
|
int send_len;
|
|
|
|
u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
|
|
|
|
struct ieee80211_mgmt *reply;
|
|
|
|
u8 *p;
|
|
|
|
|
|
|
|
os_memset(buf, 0, sizeof(buf));
|
|
|
|
reply = (struct ieee80211_mgmt *) buf;
|
|
|
|
reply->frame_control =
|
|
|
|
IEEE80211_FC(WLAN_FC_TYPE_MGMT,
|
|
|
|
(reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
|
|
|
|
WLAN_FC_STYPE_ASSOC_RESP));
|
|
|
|
os_memcpy(reply->da, sta->addr, ETH_ALEN);
|
|
|
|
os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
|
|
|
|
|
|
|
|
send_len = IEEE80211_HDRLEN;
|
|
|
|
send_len += sizeof(reply->u.assoc_resp);
|
|
|
|
reply->u.assoc_resp.capab_info =
|
2015-04-20 23:33:25 +02:00
|
|
|
host_to_le16(hostapd_own_capab_info(hapd));
|
2009-11-29 21:14:57 +01:00
|
|
|
reply->u.assoc_resp.status_code = host_to_le16(status_code);
|
2014-02-10 11:55:06 +01:00
|
|
|
reply->u.assoc_resp.aid = host_to_le16(sta->aid | BIT(14) | BIT(15));
|
2009-11-29 21:14:57 +01:00
|
|
|
/* Supported rates */
|
|
|
|
p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
|
|
|
|
/* Extended supported rates */
|
|
|
|
p = hostapd_eid_ext_supp_rates(hapd, p);
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
if (status_code == WLAN_STATUS_SUCCESS) {
|
|
|
|
/* IEEE 802.11r: Mobility Domain Information, Fast BSS
|
|
|
|
* Transition Information, RSN, [RIC Response] */
|
|
|
|
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
|
|
|
|
buf + sizeof(buf) - p,
|
|
|
|
sta->auth_alg, ies, ies_len);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211W
|
|
|
|
if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
|
|
|
|
p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
|
|
|
|
#endif /* CONFIG_IEEE80211W */
|
|
|
|
|
2010-05-02 09:53:01 +02:00
|
|
|
#ifdef CONFIG_IEEE80211N
|
|
|
|
p = hostapd_eid_ht_capabilities(hapd, p);
|
|
|
|
p = hostapd_eid_ht_operation(hapd, p);
|
|
|
|
#endif /* CONFIG_IEEE80211N */
|
|
|
|
|
2012-08-10 18:51:17 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AC
|
2014-11-10 16:12:29 +01:00
|
|
|
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
|
|
|
|
p = hostapd_eid_vht_capabilities(hapd, p);
|
|
|
|
p = hostapd_eid_vht_operation(hapd, p);
|
|
|
|
}
|
2012-08-10 18:51:17 +02:00
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
|
|
|
|
2011-01-28 18:21:59 +01:00
|
|
|
p = hostapd_eid_ext_capab(hapd, p);
|
2012-05-28 02:35:00 +02:00
|
|
|
p = hostapd_eid_bss_max_idle_period(hapd, p);
|
2013-07-24 11:28:20 +02:00
|
|
|
if (sta->qos_map_enabled)
|
|
|
|
p = hostapd_eid_qos_map_set(hapd, p);
|
2011-01-28 18:21:59 +01:00
|
|
|
|
2015-01-21 14:30:48 +01:00
|
|
|
#ifdef CONFIG_FST
|
|
|
|
if (hapd->iface->fst_ies) {
|
|
|
|
os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
|
|
|
|
wpabuf_len(hapd->iface->fst_ies));
|
|
|
|
p += wpabuf_len(hapd->iface->fst_ies);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FST */
|
|
|
|
|
2014-11-10 16:12:29 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AC
|
|
|
|
if (hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
|
|
|
|
p = hostapd_eid_vendor_vht(hapd, p);
|
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
|
|
|
|
2010-05-02 09:53:01 +02:00
|
|
|
if (sta->flags & WLAN_STA_WMM)
|
|
|
|
p = hostapd_eid_wmm(hapd, p);
|
|
|
|
|
2010-05-26 17:46:08 +02:00
|
|
|
#ifdef CONFIG_WPS
|
2011-11-24 21:05:33 +01:00
|
|
|
if ((sta->flags & WLAN_STA_WPS) ||
|
|
|
|
((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa)) {
|
2010-05-26 17:46:08 +02:00
|
|
|
struct wpabuf *wps = wps_build_assoc_resp_ie();
|
|
|
|
if (wps) {
|
|
|
|
os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
|
|
|
|
p += wpabuf_len(wps);
|
|
|
|
wpabuf_free(wps);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_WPS */
|
|
|
|
|
2010-07-18 23:30:25 +02:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
if (sta->p2p_ie) {
|
|
|
|
struct wpabuf *p2p_resp_ie;
|
|
|
|
enum p2p_status_code status;
|
|
|
|
switch (status_code) {
|
|
|
|
case WLAN_STATUS_SUCCESS:
|
|
|
|
status = P2P_SC_SUCCESS;
|
|
|
|
break;
|
|
|
|
case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
|
|
|
|
status = P2P_SC_FAIL_LIMIT_REACHED;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
status = P2P_SC_FAIL_INVALID_PARAMS;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
|
|
|
|
if (p2p_resp_ie) {
|
|
|
|
os_memcpy(p, wpabuf_head(p2p_resp_ie),
|
|
|
|
wpabuf_len(p2p_resp_ie));
|
|
|
|
p += wpabuf_len(p2p_resp_ie);
|
|
|
|
wpabuf_free(p2p_resp_ie);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2010-07-18 23:30:26 +02:00
|
|
|
#ifdef CONFIG_P2P_MANAGER
|
|
|
|
if (hapd->conf->p2p & P2P_MANAGE)
|
|
|
|
p = hostapd_eid_p2p_manage(hapd, p);
|
|
|
|
#endif /* CONFIG_P2P_MANAGER */
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
send_len += p - reply->u.assoc_resp.variable;
|
|
|
|
|
2011-11-19 18:02:05 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0)
|
2009-11-29 21:14:57 +01:00
|
|
|
wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
|
|
|
|
strerror(errno));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_assoc(struct hostapd_data *hapd,
|
2009-12-13 22:25:30 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
|
|
|
int reassoc)
|
2009-11-29 21:14:57 +01:00
|
|
|
{
|
2014-11-05 09:50:34 +01:00
|
|
|
u16 capab_info, listen_interval, seq_ctrl, fc;
|
2009-11-29 21:14:57 +01:00
|
|
|
u16 resp = WLAN_STATUS_SUCCESS;
|
2009-12-13 22:25:30 +01:00
|
|
|
const u8 *pos;
|
2009-11-29 21:14:57 +01:00
|
|
|
int left, i;
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
|
|
|
|
sizeof(mgmt->u.assoc_req))) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
|
|
|
|
reassoc, (unsigned long) len);
|
2009-11-29 21:14:57 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-04-23 16:51:28 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (reassoc) {
|
2014-04-26 10:09:29 +02:00
|
|
|
if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
|
2013-04-23 16:51:28 +02:00
|
|
|
drand48() < hapd->iconf->ignore_reassoc_probability) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TESTING: ignoring reassoc request from "
|
|
|
|
MACSTR, MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
} else {
|
2014-04-26 10:09:29 +02:00
|
|
|
if (hapd->iconf->ignore_assoc_probability > 0.0 &&
|
2013-04-23 16:51:28 +02:00
|
|
|
drand48() < hapd->iconf->ignore_assoc_probability) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TESTING: ignoring assoc request from "
|
|
|
|
MACSTR, MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
fc = le_to_host16(mgmt->frame_control);
|
|
|
|
seq_ctrl = le_to_host16(mgmt->seq_ctrl);
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
if (reassoc) {
|
|
|
|
capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
|
|
|
|
listen_interval = le_to_host16(
|
|
|
|
mgmt->u.reassoc_req.listen_interval);
|
|
|
|
wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
|
|
|
|
" capab_info=0x%02x listen_interval=%d current_ap="
|
2014-11-05 09:50:34 +01:00
|
|
|
MACSTR " seq_ctrl=0x%x%s",
|
2009-11-29 21:14:57 +01:00
|
|
|
MAC2STR(mgmt->sa), capab_info, listen_interval,
|
2014-11-05 09:50:34 +01:00
|
|
|
MAC2STR(mgmt->u.reassoc_req.current_ap),
|
|
|
|
seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
|
2009-11-29 21:14:57 +01:00
|
|
|
left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
|
|
|
|
pos = mgmt->u.reassoc_req.variable;
|
|
|
|
} else {
|
|
|
|
capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
|
|
|
|
listen_interval = le_to_host16(
|
|
|
|
mgmt->u.assoc_req.listen_interval);
|
|
|
|
wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
|
2014-11-05 09:50:34 +01:00
|
|
|
" capab_info=0x%02x listen_interval=%d "
|
|
|
|
"seq_ctrl=0x%x%s",
|
|
|
|
MAC2STR(mgmt->sa), capab_info, listen_interval,
|
|
|
|
seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
|
2009-11-29 21:14:57 +01:00
|
|
|
left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
|
|
|
|
pos = mgmt->u.assoc_req.variable;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
if (sta && sta->auth_alg == WLAN_AUTH_FT &&
|
|
|
|
(sta->flags & WLAN_STA_AUTH) == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
|
|
|
|
"prior to authentication since it is using "
|
|
|
|
"over-the-DS FT", MAC2STR(mgmt->sa));
|
|
|
|
} else
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "Station tried to "
|
|
|
|
"associate before authentication "
|
|
|
|
"(aid=%d flags=0x%x)",
|
|
|
|
sta ? sta->aid : -1,
|
|
|
|
sta ? sta->flags : 0);
|
|
|
|
send_deauth(hapd, mgmt->sa,
|
|
|
|
WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
if ((fc & WLAN_FC_RETRY) &&
|
|
|
|
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
|
|
|
|
sta->last_seq_ctrl == seq_ctrl &&
|
|
|
|
sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
|
|
|
|
WLAN_FC_STYPE_ASSOC_REQ) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Drop repeated association frame seq_ctrl=0x%x",
|
|
|
|
seq_ctrl);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
sta->last_seq_ctrl = seq_ctrl;
|
|
|
|
sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
|
|
|
|
WLAN_FC_STYPE_ASSOC_REQ;
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
if (hapd->tkip_countermeasures) {
|
|
|
|
resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (listen_interval > hapd->conf->max_listen_interval) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Too large Listen Interval (%d)",
|
|
|
|
listen_interval);
|
|
|
|
resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
|
|
|
|
* is used */
|
|
|
|
resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
if (hostapd_get_aid(hapd, sta) < 0) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "No room for more AIDs");
|
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->capability = capab_info;
|
|
|
|
sta->listen_interval = listen_interval;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
|
|
|
|
sta->flags |= WLAN_STA_NONERP;
|
|
|
|
for (i = 0; i < sta->supported_rates_len; i++) {
|
|
|
|
if ((sta->supported_rates[i] & 0x7f) > 22) {
|
|
|
|
sta->flags &= ~WLAN_STA_NONERP;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
|
|
|
|
sta->nonerp_set = 1;
|
|
|
|
hapd->iface->num_sta_non_erp++;
|
|
|
|
if (hapd->iface->num_sta_non_erp == 1)
|
|
|
|
ieee802_11_set_beacons(hapd->iface);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
|
|
|
|
!sta->no_short_slot_time_set) {
|
|
|
|
sta->no_short_slot_time_set = 1;
|
|
|
|
hapd->iface->num_sta_no_short_slot_time++;
|
|
|
|
if (hapd->iface->current_mode->mode ==
|
|
|
|
HOSTAPD_MODE_IEEE80211G &&
|
|
|
|
hapd->iface->num_sta_no_short_slot_time == 1)
|
|
|
|
ieee802_11_set_beacons(hapd->iface);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
|
|
|
|
sta->flags |= WLAN_STA_SHORT_PREAMBLE;
|
|
|
|
else
|
|
|
|
sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
|
|
|
|
|
|
|
|
if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
|
|
|
|
!sta->no_short_preamble_set) {
|
|
|
|
sta->no_short_preamble_set = 1;
|
|
|
|
hapd->iface->num_sta_no_short_preamble++;
|
|
|
|
if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
|
|
|
|
&& hapd->iface->num_sta_no_short_preamble == 1)
|
|
|
|
ieee802_11_set_beacons(hapd->iface);
|
|
|
|
}
|
|
|
|
|
2009-12-06 18:41:47 +01:00
|
|
|
#ifdef CONFIG_IEEE80211N
|
2009-11-29 21:14:57 +01:00
|
|
|
update_ht_state(hapd, sta);
|
2009-12-06 18:41:47 +01:00
|
|
|
#endif /* CONFIG_IEEE80211N */
|
2008-08-21 17:18:38 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"association OK (aid %d)", sta->aid);
|
|
|
|
/* Station will be marked associated, after it acknowledges AssocResp
|
|
|
|
*/
|
2011-04-15 18:26:28 +02:00
|
|
|
sta->flags |= WLAN_STA_ASSOC_REQ_OK;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2008-12-26 14:56:30 +01:00
|
|
|
#ifdef CONFIG_IEEE80211W
|
|
|
|
if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
|
|
|
|
"SA Query procedure", reassoc ? "re" : "");
|
|
|
|
/* TODO: Send a protected Disassociate frame to the STA using
|
|
|
|
* the old key and Reason Code "Previous Authentication no
|
|
|
|
* longer valid". Make sure this is only sent protected since
|
|
|
|
* unprotected frame would be received by the STA that is now
|
|
|
|
* trying to associate.
|
|
|
|
*/
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211W */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
/* Make sure that the previously registered inactivity timer will not
|
|
|
|
* remove the STA immediately. */
|
|
|
|
sta->timeout_next = STA_NULLFUNC;
|
|
|
|
|
|
|
|
fail:
|
2009-11-29 21:14:57 +01:00
|
|
|
send_assoc_resp(hapd, sta, resp, reassoc, pos, left);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_disassoc(struct hostapd_data *hapd,
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
|
|
|
|
MAC2STR(mgmt->sa),
|
|
|
|
le_to_host16(mgmt->u.disassoc.reason_code));
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
|
|
|
if (sta == NULL) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated",
|
|
|
|
MAC2STR(mgmt->sa));
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-11-03 21:17:41 +01:00
|
|
|
ap_sta_set_authorized(hapd, sta, 0);
|
2014-11-05 09:50:34 +01:00
|
|
|
sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
|
2011-04-15 18:26:28 +02:00
|
|
|
sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "disassociated");
|
|
|
|
sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
|
|
|
|
ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
|
|
|
|
/* Stop Accounting and IEEE 802.1X sessions, but leave the STA
|
|
|
|
* authenticated. */
|
|
|
|
accounting_sta_stop(hapd, sta);
|
2015-12-31 20:46:08 +01:00
|
|
|
ieee802_1x_free_station(hapd, sta);
|
AP: Add support for Proxy ARP, DHCP snooping mechanism
Proxy ARP allows the AP devices to keep track of the hardware address to
IP address mapping of the STA devices within the BSS. When a request for
such information is made (i.e., ARP request, Neighbor Solicitation), the
AP will respond on behalf of the STA device within the BSS. Such
requests could originate from a device within the BSS or also from the
bridge. In the process of the AP replying to the request (i.e., ARP
reply, Neighbor Advertisement), the AP will drop the original request
frame. The relevant STA will not even know that such information was
ever requested.
This feature is a requirement for Hotspot 2.0, and is defined in IEEE
Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly
resides in the kernel bridge code, in order to optimize the performance
and simplify kernel implementation, the DHCP snooping code was added to
the hostapd.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
|
|
|
if (sta->ipaddr)
|
2014-11-06 01:15:46 +01:00
|
|
|
hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
|
2014-11-01 07:33:41 +01:00
|
|
|
ap_sta_ip6addr_del(hapd, sta);
|
2010-11-24 14:36:02 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (sta->timeout_next == STA_NULLFUNC ||
|
|
|
|
sta->timeout_next == STA_DISASSOC) {
|
|
|
|
sta->timeout_next = STA_DEAUTH;
|
|
|
|
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
|
|
|
|
eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
|
|
|
|
hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
mlme_disassociate_indication(
|
|
|
|
hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_deauth(struct hostapd_data *hapd,
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
|
2011-11-03 21:04:17 +01:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short "
|
|
|
|
"payload (len=%lu)", (unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-11-03 21:04:17 +01:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR
|
2011-02-24 16:44:45 +01:00
|
|
|
" reason_code=%d",
|
|
|
|
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
|
|
|
if (sta == NULL) {
|
2011-11-03 21:04:17 +01:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
|
|
|
|
"to deauthenticate, but it is not authenticated",
|
2011-02-24 16:44:45 +01:00
|
|
|
MAC2STR(mgmt->sa));
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-11-03 21:17:41 +01:00
|
|
|
ap_sta_set_authorized(hapd, sta, 0);
|
2014-11-05 09:50:34 +01:00
|
|
|
sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
|
2011-04-15 18:26:28 +02:00
|
|
|
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
|
|
|
|
WLAN_STA_ASSOC_REQ_OK);
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG, "deauthenticated");
|
|
|
|
mlme_deauthenticate_indication(
|
|
|
|
hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
|
|
|
|
sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
|
|
|
|
ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
|
|
|
|
ap_free_sta(hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_beacon(struct hostapd_data *hapd,
|
2009-12-13 22:25:30 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
2008-02-28 02:34:43 +01:00
|
|
|
struct hostapd_frame_info *fi)
|
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2008-10-29 20:33:46 +01:00
|
|
|
(void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
|
2008-02-28 02:34:43 +01:00
|
|
|
len - (IEEE80211_HDRLEN +
|
|
|
|
sizeof(mgmt->u.beacon)), &elems,
|
|
|
|
0);
|
|
|
|
|
|
|
|
ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-08-31 10:04:47 +02:00
|
|
|
#ifdef CONFIG_IEEE80211W
|
2008-12-30 17:04:29 +01:00
|
|
|
|
2013-12-29 09:18:49 +01:00
|
|
|
static int hostapd_sa_query_action(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len)
|
2008-08-31 10:04:47 +02:00
|
|
|
{
|
2009-12-13 22:25:30 +01:00
|
|
|
const u8 *end;
|
2008-08-31 10:04:47 +02:00
|
|
|
|
2008-12-26 10:46:21 +01:00
|
|
|
end = mgmt->u.action.u.sa_query_resp.trans_id +
|
|
|
|
WLAN_SA_QUERY_TR_ID_LEN;
|
2008-08-31 10:04:47 +02:00
|
|
|
if (((u8 *) mgmt) + len < end) {
|
2008-12-26 10:46:21 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
|
2008-08-31 10:04:47 +02:00
|
|
|
"frame (len=%lu)", (unsigned long) len);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2008-08-31 10:04:47 +02:00
|
|
|
}
|
|
|
|
|
2011-10-17 16:30:43 +02:00
|
|
|
ieee802_11_sa_query_action(hapd, mgmt->sa,
|
|
|
|
mgmt->u.action.u.sa_query_resp.action,
|
|
|
|
mgmt->u.action.u.sa_query_resp.trans_id);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-08-31 10:04:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-05-08 11:51:28 +02:00
|
|
|
static int robust_action_frame(u8 category)
|
|
|
|
{
|
|
|
|
return category != WLAN_ACTION_PUBLIC &&
|
|
|
|
category != WLAN_ACTION_HT;
|
|
|
|
}
|
2009-05-26 16:08:43 +02:00
|
|
|
#endif /* CONFIG_IEEE80211W */
|
2009-05-08 11:51:28 +02:00
|
|
|
|
|
|
|
|
2013-12-29 09:18:49 +01:00
|
|
|
static int handle_action(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2009-05-08 11:51:28 +02:00
|
|
|
struct sta_info *sta;
|
2011-10-23 11:42:55 +02:00
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
2009-05-08 11:51:28 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (len < IEEE80211_HDRLEN + 1) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"handle_action - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2012-12-16 18:16:17 +01:00
|
|
|
if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
|
|
|
|
(sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
|
|
|
|
"frame (category=%u) from unassociated STA " MACSTR,
|
|
|
|
MAC2STR(mgmt->sa), mgmt->u.action.category);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2012-12-16 18:16:17 +01:00
|
|
|
}
|
|
|
|
|
2009-05-08 11:51:28 +02:00
|
|
|
#ifdef CONFIG_IEEE80211W
|
|
|
|
if (sta && (sta->flags & WLAN_STA_MFP) &&
|
2014-01-23 09:24:21 +01:00
|
|
|
!(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
|
|
|
|
robust_action_frame(mgmt->u.action.category)) {
|
2009-05-08 11:51:28 +02:00
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Dropped unprotected Robust Action frame from "
|
|
|
|
"an MFP STA");
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2009-05-08 11:51:28 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211W */
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
if (sta) {
|
|
|
|
u16 fc = le_to_host16(mgmt->frame_control);
|
|
|
|
u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
|
|
|
|
|
|
|
|
if ((fc & WLAN_FC_RETRY) &&
|
|
|
|
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
|
|
|
|
sta->last_seq_ctrl == seq_ctrl &&
|
|
|
|
sta->last_subtype == WLAN_FC_STYPE_ACTION) {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Drop repeated action frame seq_ctrl=0x%x",
|
|
|
|
seq_ctrl);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->last_seq_ctrl = seq_ctrl;
|
|
|
|
sta->last_subtype = WLAN_FC_STYPE_ACTION;
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
switch (mgmt->u.action.category) {
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
case WLAN_ACTION_FT:
|
2014-04-26 10:51:19 +02:00
|
|
|
if (!sta ||
|
|
|
|
wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
|
2008-02-28 02:34:43 +01:00
|
|
|
len - IEEE80211_HDRLEN))
|
|
|
|
break;
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2008-08-31 10:06:58 +02:00
|
|
|
case WLAN_ACTION_WMM:
|
2009-03-04 11:33:24 +01:00
|
|
|
hostapd_wmm_action(hapd, mgmt, len);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-08-31 10:04:47 +02:00
|
|
|
#ifdef CONFIG_IEEE80211W
|
2008-12-26 10:46:21 +01:00
|
|
|
case WLAN_ACTION_SA_QUERY:
|
2013-12-29 09:18:49 +01:00
|
|
|
return hostapd_sa_query_action(hapd, mgmt, len);
|
2008-08-31 10:04:47 +02:00
|
|
|
#endif /* CONFIG_IEEE80211W */
|
2012-12-16 18:16:17 +01:00
|
|
|
#ifdef CONFIG_WNM
|
|
|
|
case WLAN_ACTION_WNM:
|
2013-12-29 10:22:23 +01:00
|
|
|
ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
|
|
|
|
return 1;
|
2012-12-16 18:16:17 +01:00
|
|
|
#endif /* CONFIG_WNM */
|
2015-01-21 14:30:48 +01:00
|
|
|
#ifdef CONFIG_FST
|
|
|
|
case WLAN_ACTION_FST:
|
|
|
|
if (hapd->iface->fst)
|
|
|
|
fst_rx_action(hapd->iface->fst, mgmt, len);
|
2015-07-25 22:20:33 +02:00
|
|
|
else
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FST: Ignore FST Action frame - no FST attached");
|
2015-01-21 14:30:48 +01:00
|
|
|
return 1;
|
|
|
|
#endif /* CONFIG_FST */
|
2010-04-11 19:33:33 +02:00
|
|
|
case WLAN_ACTION_PUBLIC:
|
2014-01-23 10:15:28 +01:00
|
|
|
case WLAN_ACTION_PROTECTED_DUAL:
|
2014-04-14 20:21:40 +02:00
|
|
|
#ifdef CONFIG_IEEE80211N
|
2015-05-03 15:24:01 +02:00
|
|
|
if (len >= IEEE80211_HDRLEN + 2 &&
|
|
|
|
mgmt->u.action.u.public_action.action ==
|
2014-04-14 20:21:40 +02:00
|
|
|
WLAN_PA_20_40_BSS_COEX) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"HT20/40 coex mgmt frame received from STA "
|
|
|
|
MACSTR, MAC2STR(mgmt->sa));
|
|
|
|
hostapd_2040_coex_action(hapd, mgmt, len);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211N */
|
2010-04-11 19:33:33 +02:00
|
|
|
if (hapd->public_action_cb) {
|
|
|
|
hapd->public_action_cb(hapd->public_action_cb_ctx,
|
|
|
|
(u8 *) mgmt, len,
|
|
|
|
hapd->iface->freq);
|
|
|
|
}
|
2013-02-04 14:38:35 +01:00
|
|
|
if (hapd->public_action_cb2) {
|
2013-02-16 18:15:05 +01:00
|
|
|
hapd->public_action_cb2(hapd->public_action_cb2_ctx,
|
2013-02-04 14:38:35 +01:00
|
|
|
(u8 *) mgmt, len,
|
|
|
|
hapd->iface->freq);
|
|
|
|
}
|
|
|
|
if (hapd->public_action_cb || hapd->public_action_cb2)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2010-04-11 19:33:33 +02:00
|
|
|
break;
|
2010-07-18 23:30:25 +02:00
|
|
|
case WLAN_ACTION_VENDOR_SPECIFIC:
|
|
|
|
if (hapd->vendor_action_cb) {
|
|
|
|
if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
|
|
|
|
(u8 *) mgmt, len,
|
|
|
|
hapd->iface->freq) == 0)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2010-07-18 23:30:25 +02:00
|
|
|
}
|
|
|
|
break;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"handle_action - unknown action category %d or invalid "
|
|
|
|
"frame",
|
|
|
|
mgmt->u.action.category);
|
|
|
|
if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) &&
|
|
|
|
!(mgmt->sa[0] & 0x01)) {
|
2009-12-13 22:25:30 +01:00
|
|
|
struct ieee80211_mgmt *resp;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
/*
|
|
|
|
* IEEE 802.11-REVma/D9.0 - 7.3.1.11
|
|
|
|
* Return the Action frame to the source without change
|
|
|
|
* except that MSB of the Category set to 1.
|
|
|
|
*/
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
|
|
|
|
"frame back to sender");
|
2009-12-13 22:25:30 +01:00
|
|
|
resp = os_malloc(len);
|
|
|
|
if (resp == NULL)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2009-12-13 22:25:30 +01:00
|
|
|
os_memcpy(resp, mgmt, len);
|
|
|
|
os_memcpy(resp->da, resp->sa, ETH_ALEN);
|
|
|
|
os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
|
|
|
|
resp->u.action.category |= 0x80;
|
|
|
|
|
2012-08-19 17:34:16 +02:00
|
|
|
if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) {
|
|
|
|
wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
|
|
|
|
"Action frame");
|
|
|
|
}
|
2009-12-13 22:25:30 +01:00
|
|
|
os_free(resp);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2013-12-29 09:18:49 +01:00
|
|
|
|
|
|
|
return 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ieee802_11_mgmt - process incoming IEEE 802.11 management frames
|
|
|
|
* @hapd: hostapd BSS data structure (the BSS to which the management frame was
|
|
|
|
* sent to)
|
|
|
|
* @buf: management frame data (starting from IEEE 802.11 header)
|
|
|
|
* @len: length of frame data in octets
|
2009-01-02 21:28:04 +01:00
|
|
|
* @fi: meta data about received frame (signal level, etc.)
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
|
|
|
* Process all incoming IEEE 802.11 management frames. This will be called for
|
|
|
|
* each frame received from the kernel driver through wlan#ap interface. In
|
|
|
|
* addition, it can be called to re-inserted pending frames (e.g., when using
|
|
|
|
* external RADIUS server as an MAC ACL).
|
|
|
|
*/
|
2013-12-29 09:18:49 +01:00
|
|
|
int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
|
|
|
struct hostapd_frame_info *fi)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2009-12-13 22:05:39 +01:00
|
|
|
struct ieee80211_mgmt *mgmt;
|
2008-02-28 02:34:43 +01:00
|
|
|
int broadcast;
|
2009-12-13 22:05:39 +01:00
|
|
|
u16 fc, stype;
|
2013-12-29 09:18:49 +01:00
|
|
|
int ret = 0;
|
2009-12-13 22:05:39 +01:00
|
|
|
|
2011-01-17 11:21:29 +01:00
|
|
|
if (len < 24)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2011-01-17 11:21:29 +01:00
|
|
|
|
2009-12-13 22:05:39 +01:00
|
|
|
mgmt = (struct ieee80211_mgmt *) buf;
|
|
|
|
fc = le_to_host16(mgmt->frame_control);
|
|
|
|
stype = WLAN_FC_GET_STYPE(fc);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (stype == WLAN_FC_STYPE_BEACON) {
|
|
|
|
handle_beacon(hapd, mgmt, len, fi);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff &&
|
|
|
|
mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff &&
|
|
|
|
mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff;
|
|
|
|
|
|
|
|
if (!broadcast &&
|
2011-12-04 11:10:11 +01:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
/* Invitation responses can be sent with the peer MAC as BSSID */
|
|
|
|
!((hapd->conf->p2p & P2P_GROUP_OWNER) &&
|
|
|
|
stype == WLAN_FC_STYPE_ACTION) &&
|
|
|
|
#endif /* CONFIG_P2P */
|
2014-09-01 06:23:30 +02:00
|
|
|
#ifdef CONFIG_MESH
|
|
|
|
!(hapd->conf->mesh & MESH_ENABLED) &&
|
|
|
|
#endif /* CONFIG_MESH */
|
2008-11-21 19:48:58 +01:00
|
|
|
os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
|
|
|
|
MAC2STR(mgmt->bssid));
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (stype == WLAN_FC_STYPE_PROBE_REQ) {
|
2012-04-01 17:48:12 +02:00
|
|
|
handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"MGMT: DA=" MACSTR " not our address",
|
|
|
|
MAC2STR(mgmt->da));
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2015-09-05 18:38:06 +02:00
|
|
|
if (hapd->iconf->track_sta_max_num)
|
|
|
|
sta_track_add(hapd->iface, mgmt->sa);
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
switch (stype) {
|
|
|
|
case WLAN_FC_STYPE_AUTH:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::auth");
|
|
|
|
handle_auth(hapd, mgmt, len);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_ASSOC_REQ:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
|
|
|
|
handle_assoc(hapd, mgmt, len, 0);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_REASSOC_REQ:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
|
|
|
|
handle_assoc(hapd, mgmt, len, 1);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DISASSOC:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::disassoc");
|
|
|
|
handle_disassoc(hapd, mgmt, len);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DEAUTH:
|
2011-11-03 21:04:17 +01:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
|
2008-02-28 02:34:43 +01:00
|
|
|
handle_deauth(hapd, mgmt, len);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_ACTION:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::action");
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = handle_action(hapd, mgmt, len);
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"unknown mgmt frame subtype %d", stype);
|
|
|
|
break;
|
|
|
|
}
|
2013-12-29 09:18:49 +01:00
|
|
|
|
|
|
|
return ret;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_auth_cb(struct hostapd_data *hapd,
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt,
|
2008-02-28 02:34:43 +01:00
|
|
|
size_t len, int ok)
|
|
|
|
{
|
|
|
|
u16 auth_alg, auth_transaction, status_code;
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
if (!ok) {
|
|
|
|
hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_NOTICE,
|
|
|
|
"did not acknowledge authentication response");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
|
|
|
|
auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
|
|
|
|
status_code = le_to_host16(mgmt->u.auth.status_code);
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
|
|
|
|
MAC2STR(mgmt->da));
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (status_code == WLAN_STATUS_SUCCESS &&
|
|
|
|
((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
|
|
|
|
(auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "authenticated");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-20 16:41:22 +02:00
|
|
|
static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
char *ifname_wds)
|
|
|
|
{
|
|
|
|
int i;
|
2015-04-20 23:33:25 +02:00
|
|
|
struct hostapd_ssid *ssid = &hapd->conf->ssid;
|
2013-07-20 16:41:22 +02:00
|
|
|
|
|
|
|
if (hapd->conf->ieee802_1x || hapd->conf->wpa)
|
|
|
|
return;
|
|
|
|
|
|
|
|
for (i = 0; i < 4; i++) {
|
|
|
|
if (ssid->wep.key[i] &&
|
|
|
|
hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
|
|
|
|
i == ssid->wep.idx, NULL, 0,
|
|
|
|
ssid->wep.key[i], ssid->wep.len[i])) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Could not set WEP keys for WDS interface; %s",
|
|
|
|
ifname_wds);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
static void handle_assoc_cb(struct hostapd_data *hapd,
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt,
|
2008-02-28 02:34:43 +01:00
|
|
|
size_t len, int reassoc, int ok)
|
|
|
|
{
|
|
|
|
u16 status;
|
|
|
|
struct sta_info *sta;
|
|
|
|
int new_assoc = 1;
|
2009-11-29 12:04:21 +01:00
|
|
|
struct ieee80211_ht_capabilities ht_cap;
|
2012-12-28 16:30:30 +01:00
|
|
|
struct ieee80211_vht_capabilities vht_cap;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
|
|
|
|
sizeof(mgmt->u.assoc_resp))) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
|
|
|
|
reassoc, (unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
|
|
|
|
MAC2STR(mgmt->da));
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2012-09-23 12:23:16 +02:00
|
|
|
if (!ok) {
|
|
|
|
hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"did not acknowledge association response");
|
|
|
|
sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (reassoc)
|
|
|
|
status = le_to_host16(mgmt->u.reassoc_resp.status_code);
|
|
|
|
else
|
|
|
|
status = le_to_host16(mgmt->u.assoc_resp.status_code);
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (status != WLAN_STATUS_SUCCESS)
|
2014-03-15 08:57:10 +01:00
|
|
|
return;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
/* Stop previous accounting session, if one is started, and allocate
|
|
|
|
* new session id for the new session. */
|
|
|
|
accounting_sta_stop(hapd, sta);
|
|
|
|
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
2008-11-23 10:12:17 +01:00
|
|
|
"associated (aid %d)",
|
|
|
|
sta->aid);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (sta->flags & WLAN_STA_ASSOC)
|
|
|
|
new_assoc = 0;
|
|
|
|
sta->flags |= WLAN_STA_ASSOC;
|
2013-12-27 18:06:52 +01:00
|
|
|
sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
|
2013-07-23 20:25:21 +02:00
|
|
|
if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) ||
|
2010-03-13 20:43:00 +01:00
|
|
|
sta->auth_alg == WLAN_AUTH_FT) {
|
|
|
|
/*
|
|
|
|
* Open, static WEP, or FT protocol; no separate authorization
|
|
|
|
* step.
|
|
|
|
*/
|
2011-02-02 15:52:32 +01:00
|
|
|
ap_sta_set_authorized(hapd, sta, 1);
|
2009-04-03 19:40:07 +02:00
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (reassoc)
|
|
|
|
mlme_reassociate_indication(hapd, sta);
|
|
|
|
else
|
|
|
|
mlme_associate_indication(hapd, sta);
|
|
|
|
|
2008-08-31 10:04:47 +02:00
|
|
|
#ifdef CONFIG_IEEE80211W
|
2008-12-26 10:46:21 +01:00
|
|
|
sta->sa_query_timed_out = 0;
|
2008-08-31 10:04:47 +02:00
|
|
|
#endif /* CONFIG_IEEE80211W */
|
|
|
|
|
2009-09-26 20:30:43 +02:00
|
|
|
/*
|
|
|
|
* Remove the STA entry in order to make sure the STA PS state gets
|
|
|
|
* cleared and configuration gets updated in case of reassociation back
|
|
|
|
* to the same AP.
|
|
|
|
*/
|
2010-11-24 14:36:02 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
2009-09-26 20:30:43 +02:00
|
|
|
|
2009-12-06 18:41:47 +01:00
|
|
|
#ifdef CONFIG_IEEE80211N
|
|
|
|
if (sta->flags & WLAN_STA_HT)
|
|
|
|
hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
|
|
|
|
#endif /* CONFIG_IEEE80211N */
|
2012-12-28 16:30:30 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AC
|
|
|
|
if (sta->flags & WLAN_STA_VHT)
|
|
|
|
hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
|
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
2009-12-06 18:41:47 +01:00
|
|
|
|
2010-11-24 15:50:06 +01:00
|
|
|
if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
|
|
|
|
sta->supported_rates, sta->supported_rates_len,
|
|
|
|
sta->listen_interval,
|
2011-07-12 19:26:52 +02:00
|
|
|
sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
|
2012-12-28 16:30:30 +01:00
|
|
|
sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
|
2014-02-10 13:43:05 +01:00
|
|
|
sta->flags, sta->qosinfo, sta->vht_opmode)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_NOTICE,
|
|
|
|
"Could not add STA to kernel driver");
|
2011-10-15 11:41:28 +02:00
|
|
|
|
|
|
|
ap_sta_disconnect(hapd, sta, sta->addr,
|
|
|
|
WLAN_REASON_DISASSOC_AP_BUSY);
|
|
|
|
|
2014-03-15 08:57:10 +01:00
|
|
|
return;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2013-07-20 16:41:22 +02:00
|
|
|
if (sta->flags & WLAN_STA_WDS) {
|
|
|
|
int ret;
|
|
|
|
char ifname_wds[IFNAMSIZ + 1];
|
|
|
|
|
|
|
|
ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
|
|
|
|
sta->aid, 1);
|
|
|
|
if (!ret)
|
|
|
|
hostapd_set_wds_encryption(hapd, sta, ifname_wds);
|
|
|
|
}
|
2010-11-09 02:44:02 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sta->eapol_sm == NULL) {
|
|
|
|
/*
|
|
|
|
* This STA does not use RADIUS server for EAP authentication,
|
|
|
|
* so bind it to the selected VLAN interface now, since the
|
|
|
|
* interface selection is not going to change anymore.
|
|
|
|
*/
|
Remove VLAN interface on STA free
Currently, vlan_remove_dynamic() is only called when the station VLAN ID
is changed (ap_sta_bind_vlan), but not when the station is freed. So
dynamic VLAN interfaces are not removed actually except within 1x
reauthentification VLAN ID change, although most of the code is already
there.
This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta().
It cannot just use sta->vlan_id for this, as this might have been
changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth
fetches from RADIUS cache for WPA-PSK), thus reference counting might
not have been updated. Additionally, reference counting might get wrong
due to old_vlanid = 0 being passed unconditionally, thus increasing the
reference counter multiple times.
So tracking the currently assigned (i.e., dynamic_vlan counter
increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore,
the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and
setting the VLAN for the sta in driver happens unconditionally.
Additionally, vlan->dynamic_vlan is only incremented when it actually
is a dynamic VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
|
|
|
if (ap_sta_bind_vlan(hapd, sta) < 0)
|
2014-03-15 08:57:10 +01:00
|
|
|
return;
|
2008-02-28 02:34:43 +01:00
|
|
|
} else if (sta->vlan_id) {
|
|
|
|
/* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
|
Remove VLAN interface on STA free
Currently, vlan_remove_dynamic() is only called when the station VLAN ID
is changed (ap_sta_bind_vlan), but not when the station is freed. So
dynamic VLAN interfaces are not removed actually except within 1x
reauthentification VLAN ID change, although most of the code is already
there.
This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta().
It cannot just use sta->vlan_id for this, as this might have been
changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth
fetches from RADIUS cache for WPA-PSK), thus reference counting might
not have been updated. Additionally, reference counting might get wrong
due to old_vlanid = 0 being passed unconditionally, thus increasing the
reference counter multiple times.
So tracking the currently assigned (i.e., dynamic_vlan counter
increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore,
the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and
setting the VLAN for the sta in driver happens unconditionally.
Additionally, vlan->dynamic_vlan is only incremented when it actually
is a dynamic VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
|
|
|
if (ap_sta_bind_vlan(hapd, sta) < 0)
|
2014-03-15 08:57:10 +01:00
|
|
|
return;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2009-05-11 12:49:57 +02:00
|
|
|
|
2010-11-24 15:50:06 +01:00
|
|
|
hostapd_set_sta_flags(hapd, sta);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (sta->auth_alg == WLAN_AUTH_FT)
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
|
|
|
|
else
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
|
2009-12-24 22:42:13 +01:00
|
|
|
hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-08-28 22:07:02 +02:00
|
|
|
static void handle_deauth_cb(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len, int ok)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
if (mgmt->da[0] & 0x01)
|
|
|
|
return;
|
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
|
|
|
wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
|
|
|
|
" not found", MAC2STR(mgmt->da));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (ok)
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
else
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
|
|
|
|
"deauth", MAC2STR(sta->addr));
|
|
|
|
|
|
|
|
ap_sta_deauth_cb(hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_disassoc_cb(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len, int ok)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
if (mgmt->da[0] & 0x01)
|
|
|
|
return;
|
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
|
|
|
wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
|
|
|
|
" not found", MAC2STR(mgmt->da));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (ok)
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
else
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
|
|
|
|
"disassoc", MAC2STR(sta->addr));
|
|
|
|
|
|
|
|
ap_sta_disassoc_cb(hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-01-08 15:33:00 +01:00
|
|
|
/**
|
|
|
|
* ieee802_11_mgmt_cb - Process management frame TX status callback
|
|
|
|
* @hapd: hostapd BSS data structure (the BSS from which the management frame
|
|
|
|
* was sent from)
|
|
|
|
* @buf: management frame data (starting from IEEE 802.11 header)
|
|
|
|
* @len: length of frame data in octets
|
|
|
|
* @stype: management frame subtype from frame control field
|
|
|
|
* @ok: Whether the frame was ACK'ed
|
|
|
|
*/
|
2009-12-13 22:05:39 +01:00
|
|
|
void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
2008-02-28 02:34:43 +01:00
|
|
|
u16 stype, int ok)
|
|
|
|
{
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt;
|
|
|
|
mgmt = (const struct ieee80211_mgmt *) buf;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2013-12-26 07:35:22 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->ext_mgmt_frame_handling) {
|
|
|
|
wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-TX-STATUS stype=%u ok=%d",
|
|
|
|
stype, ok);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
switch (stype) {
|
|
|
|
case WLAN_FC_STYPE_AUTH:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::auth cb");
|
|
|
|
handle_auth_cb(hapd, mgmt, len, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_ASSOC_RESP:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
|
|
|
|
handle_assoc_cb(hapd, mgmt, len, 0, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_REASSOC_RESP:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
|
|
|
|
handle_assoc_cb(hapd, mgmt, len, 1, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_PROBE_RESP:
|
2010-07-05 21:21:48 +02:00
|
|
|
wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb");
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DEAUTH:
|
2011-08-28 22:07:02 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
|
|
|
|
handle_deauth_cb(hapd, mgmt, len, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DISASSOC:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
|
|
|
|
handle_disassoc_cb(hapd, mgmt, len, ok);
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
2008-08-31 10:04:47 +02:00
|
|
|
case WLAN_FC_STYPE_ACTION:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::action cb");
|
|
|
|
break;
|
2008-02-28 02:34:43 +01:00
|
|
|
default:
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-12-13 22:05:39 +01:00
|
|
|
|
|
|
|
void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
|
|
|
|
const u8 *buf, size_t len, int ack)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta == NULL && iface->num_bss > 1) {
|
|
|
|
size_t j;
|
|
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
|
|
hapd = iface->bss[j];
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2012-02-14 20:04:14 +01:00
|
|
|
if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
|
2009-12-13 22:05:39 +01:00
|
|
|
return;
|
|
|
|
if (sta->flags & WLAN_STA_PENDING_POLL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
|
|
|
|
"activity poll", MAC2STR(sta->addr),
|
|
|
|
ack ? "ACKed" : "did not ACK");
|
|
|
|
if (ack)
|
|
|
|
sta->flags &= ~WLAN_STA_PENDING_POLL;
|
|
|
|
}
|
|
|
|
|
|
|
|
ieee802_1x_tx_status(hapd, sta, buf, len, ack);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-11-19 12:00:30 +01:00
|
|
|
void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
|
|
|
|
const u8 *data, size_t len, int ack)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, dst);
|
|
|
|
if (sta == NULL && iface->num_bss > 1) {
|
|
|
|
size_t j;
|
|
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
|
|
hapd = iface->bss[j];
|
|
|
|
sta = ap_get_sta(hapd, dst);
|
|
|
|
if (sta)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:18:56 +01:00
|
|
|
if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
|
|
|
|
MACSTR " that is not currently associated",
|
|
|
|
MAC2STR(dst));
|
2011-11-19 12:00:30 +01:00
|
|
|
return;
|
2012-02-04 11:18:56 +01:00
|
|
|
}
|
2011-11-19 12:00:30 +01:00
|
|
|
|
|
|
|
ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-10-20 20:03:08 +02:00
|
|
|
void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta == NULL && iface->num_bss > 1) {
|
|
|
|
size_t j;
|
|
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
|
|
hapd = iface->bss[j];
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (sta == NULL)
|
|
|
|
return;
|
|
|
|
if (!(sta->flags & WLAN_STA_PENDING_POLL))
|
|
|
|
return;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
|
|
|
|
"activity poll", MAC2STR(sta->addr));
|
|
|
|
sta->flags &= ~WLAN_STA_PENDING_POLL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-12-24 10:46:22 +01:00
|
|
|
void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
|
|
|
|
int wds)
|
2009-12-13 22:05:39 +01:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, src);
|
2009-12-24 10:46:22 +01:00
|
|
|
if (sta && (sta->flags & WLAN_STA_ASSOC)) {
|
2012-09-23 12:25:49 +02:00
|
|
|
if (!hapd->conf->wds_sta)
|
|
|
|
return;
|
|
|
|
|
2009-12-24 10:46:22 +01:00
|
|
|
if (wds && !(sta->flags & WLAN_STA_WDS)) {
|
2013-07-20 16:41:22 +02:00
|
|
|
int ret;
|
|
|
|
char ifname_wds[IFNAMSIZ + 1];
|
|
|
|
|
2009-12-24 10:46:22 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
|
|
|
|
"STA " MACSTR " (aid %u)",
|
|
|
|
MAC2STR(sta->addr), sta->aid);
|
|
|
|
sta->flags |= WLAN_STA_WDS;
|
2013-07-20 16:41:22 +02:00
|
|
|
ret = hostapd_set_wds_sta(hapd, ifname_wds,
|
|
|
|
sta->addr, sta->aid, 1);
|
|
|
|
if (!ret)
|
|
|
|
hostapd_set_wds_encryption(hapd, sta,
|
|
|
|
ifname_wds);
|
2009-12-24 10:46:22 +01:00
|
|
|
}
|
2009-12-13 22:05:39 +01:00
|
|
|
return;
|
2009-12-24 10:46:22 +01:00
|
|
|
}
|
2009-12-13 22:05:39 +01:00
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
|
|
|
|
MACSTR, MAC2STR(src));
|
2010-12-05 02:40:36 +01:00
|
|
|
if (src[0] & 0x01) {
|
|
|
|
/* Broadcast bit set in SA?! Ignore the frame silently. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-04-15 18:26:28 +02:00
|
|
|
if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Association Response to the STA has "
|
|
|
|
"already been sent, but no TX status yet known - "
|
|
|
|
"ignore Class 3 frame issue with " MACSTR,
|
|
|
|
MAC2STR(src));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-12-13 22:05:39 +01:00
|
|
|
if (sta && (sta->flags & WLAN_STA_AUTH))
|
2010-11-24 14:36:02 +01:00
|
|
|
hostapd_drv_sta_disassoc(
|
2009-12-13 22:05:39 +01:00
|
|
|
hapd, src,
|
|
|
|
WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
|
|
|
|
else
|
2010-11-24 14:36:02 +01:00
|
|
|
hostapd_drv_sta_deauth(
|
2009-12-13 22:05:39 +01:00
|
|
|
hapd, src,
|
|
|
|
WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
#endif /* CONFIG_NATIVE_WINDOWS */
|